SAN FRANCISCO – Ransomware groups have always taken a more-is-more approach. If a victim pays a ransom and then goes back to business as usual—hit them again. Or don’t just encrypt a target’s systems; steal their data first, so you can threaten to leak it if they don’t pay up. The latest escalation? Ransomware hackers who encrypt a victim’s data twice at the same time.

Double-encryption attacks have happened before, usually stemming from two separate ransomware gangs compromising the same victim at the same time. But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other.

Some victims get two ransom notes at once, Callow says, meaning that the hackers want their victims to know about the double-encryption attack. In other cases, though, victims only see one ransom note and only find out about the second layer of encryption after they’ve paid to eliminate the first.

To read more, click on