To ensure ransoms are paid, cyberattackers have evolved ransomware from a purely technical exercise into a multilateral social extortion campaign.
Ransomware attackers are implementing a wide range of ruthless pressure tactics to compel victims to pay the ransom.
Insights published by the rapid response team at Sophos have highlighted the shift in ransomware pressure techniques from solely encrypting data to including other pain points, such as harassing employees.
Here are the top 10 ways attackers are increasing pressure on their ransomware victims to get them to pay the ransom:
- Stealing data and threatening to publish or auction it online
- Emailing and calling employees, including senior executives, threatening to reveal their personal information
- Notifying or threatening to notify business partners, customers, the media, and more of the data breach and exfiltration
- Silencing victims by warning them not to contact the authorities
- Recruiting insiders to help them breach networks
- Resetting passwords
- Launching phishing attacks that target the email accounts of people whose data has been breached
- Deleting online backups and shadow volume copies
- Printing physical copies of the ransom note on all connected devices, including point-of-sale terminals
- Launching distributed denial-of-service attacks against the target’s website
Commenting on this, Peter Mackenzie, Director of Incident Response at Sophos, said: “Since organizations have become better at backing up their data and restoring encrypted files from backups, attackers are supplementing their ransom demands with additional extortion measures that increase the pressure to pay.”
Mackenzie noted that his firm’s rapid response team has seen cases where attackers email or phone a victim’s employees, calling them by their name and sharing personal details they have stolen—such as any disciplinary actions or passport information—with the aim of scaring them into demanding their employer pays the ransom.
“This kind of behavior shows how ransomware has shifted from a purely technical attack targeting systems and data, into one that also targets people,” Mackenzie said.