Glossary
Double extortion
A ransomware tactic that steals data before encrypting it, so the attacker can threaten to leak it even if you restore from backup.
Double extortion is why "we have backups" no longer ends the conversation. Before encrypting anything, the operator exfiltrates your data. Now they have two levers: decrypt for a fee, and stay quiet about the stolen copy for another. Restore cleanly from backup and you still have a leak threat hanging over you.
This is the norm for serious ransomware now, and it breaks the old logic that good backups make you immune. Paying the leak demand buys a promise from people whose business is breaking promises, and "we deleted it, here's a screenshot" is worth nothing. The defense is not paying; it is keeping the data from being exfiltrated in the first place.