F-Secure’s Attack Landscape Update report has revealed that double-extortion ransomware attacks increased drastically in 2020. Using this tactic, threat actors not only encrypt files but also steal data from organizations. The stolen data is later used as leverage to pressure victims into paying the ransom, under threat of having it leaked online.

What’s in the report?

Last year, 15 ransomware families used the double-extortion approach, in comparison to only one in 2019. In addition, around 40% of newly discovered ransomware families utilized the tactic in 2020.
  • Maze ransomware was the first malware to use double extortion, starting the trend in late 2019. By the end of 2020, the tactic was being used by several other ransomware families.
  • Some of the major active ransomware families using double-extortion techniques include Doppelpaymer, Conti, Clop, Ragnar Locker, and ChaCha.

Common infection vectors

  • Email was one of the most common infection vectors in 2020, responsible for over half of all malware infection attempts.
  • The use of Excel formulas to obfuscate malicious code saw a three-fold increase in the second half of 2020.
  • The most popular brands used for email spoofing were Outlook, Office365, and Facebook Inc. Moreover, web hosting services were responsible for three-quarters of domains used to host phishing pages.

Other trends observed in the report

Additionally, the report highlighted other significant cybersecurity trends observed in 2020.
  • The two most prominent malware families in the latter half of 2020 were Lokibot and Formbook info-stealers.
  • Moreover, F-Secure highlighted that, over the last ten years, more than half of supply chain attacks targeted utility or application software.
  • Around 61% of vulnerabilities spotted in corporate networks were disclosed before 2016 and were five years old.


The double-extortion tactic is another big challenge for organizations that hold confidential or sensitive information. Organizations with reliable backups and effective restoration solutions in place are often in a stronger position to defend against such ransomware attacks, as well as other cyber threats.

Cyware Publisher