In 2021, Sophos X-Ops released an article detailing the top ten ways ransomware operators apply pressure on their targets to compel payment. Since then, threat actors have continued to evolve their tactics to further squeeze their victims.
The techniques outlined in the 2021 article, such as threats to expose data, contacting employees, and notifying the media about breaches, are still prevalent today. However, ransomware groups have begun employing new and alarming strategies to ramp up the intensity of their pressure.
One disturbing trend is the increasing use of legitimate entities like the news media, legislation, civil regulatory bodies, and law enforcement by ransomware operators to increase pressure on their victims. Criminals are even encouraging affected customers and employees to seek compensation or engage in lawsuits, sometimes going as far as providing contact information for CEOs and business owners.
Moreover, threat actors now claim to sift through stolen data for evidence of illegal activity, regulatory violations, and financial irregularities to exert more leverage and tarnish their target’s reputation. Ransomware criminals have also taken to openly criticizing their victims, attempting to portray them as unethical or negligent, and even positioning themselves as vigilantes in some cases.
Ransomware operators are displaying a growing comfort with leaking extremely sensitive data, such as medical records, explicit images, and personal information of individuals, including a CEO’s daughter, in a bid to escalate the pressure on organizations.
In recent years, ransomware groups have even resorted to leveraging legislation and litigation as tools to increase pressure on their targets. For instance, the ALPHV/BlackCat group filed a complaint with the Securities and Exchange Commission (SEC) against one of their own victims for failing to report a breach within the required time frame. This tactic of using legislation and the threat of legal action to intensify coercion is a new and concerning development.
Furthermore, ransomware operators are not stopping at threatening organizations; they are increasingly targeting secondary victims, such as patients of a cancer hospital or the spouse of a CEO, to amplify the pressure. Swatting, a dangerous crime that involves making false reports to law enforcement to provoke a response, has also been used by some threat actors to escalate threats into the real world.
As ransomware gangs continue to evolve and adapt their tactics to coerce victims into paying up, targeted organizations and individuals become more vulnerable and face greater potential consequences. The role of law enforcement, media, and regulatory bodies in handling ransomware incidents is becoming more prominent, and the need for comprehensive cybersecurity measures to counter these threats is paramount.
The future outlook suggests that ransomware operators will continue to innovate and employ novel strategies to enforce payment, inflict reputational damage, and possibly even venture into more nefarious activities if their demands are not met. Vigilance, robust cybersecurity defenses, and adherence to best practices are crucial in combating the menace of ransomware attacks.

