Under pressure: how ransomware gangs force victims to pay
Malware deployment is just one side of the extortion. A breach is usually followed by an orchestrated bullying campaign, far surpassing company boundaries.
Ransomware has been dominating the cyber landscape in 2021 as every week, more than 1,200 organizations fall victim to extortion worldwide.
While the ever-present threat forced businesses to up their defenses against extortion gangs, cybercriminals add additional pressure, too, trying to force victims to empty their pockets.
According to Peter Mackenzie, director, Incident Response at Sophos, a cybersecurity company, attackers don’t shy from calling victims’ employees by their name and sharing personal details they’ve stolen.
The goal is to scare the employees into adding pressure on the employers to pay the ransom.
“This kind of behavior shows how ransomware has shifted from a purely technical attack targeting systems and data into one that also targets people,” Mackenzie said.
Researchers at Sophos looked at the most common ways attackers try to pressure victims into paying. Unsurprisingly the most common threat involves publishing or auctioning stolen data on a hacker forum.
The second most frequent tactic is emailing employees and senior executives, threatening to reveal their personal information to the public. If that doesn’t force the victim to pay, gangs notify the victim’s business partners, customers, and even media.
Top 10 ways ransomware attackers ramp up pressure to pay:
- Stealing data and threatening to publish or auction it online
- Emailing and calling employees, including senior executives, threatening to reveal their personal information
- Notifying or threatening to notify business partners, customers, the media, and more of the data breach and exfiltration
- Silencing victims by warning them not to contact the authorities
- Recruiting insiders to help them breach networks
- Resetting passwords
- Phishing attacks targeting victim email accounts
- Deleting online backups and shadow volume copies
- Printing physical copies of the ransom note on all connected devices, including point of sale terminals
- Launching distributed denial-of-service attacks against the target’s website
Ransomware gold rush
Cyberattacks are increasing in scale, sophistication, and scope. The last 12 months were ripe with major high-profile cyberattacks, such as the SolarWinds hack, attacks against the Colonial Pipeline, meat processing company JBS, and software firm Kaseya. Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.
The prevalence of ransomware has forced governments to take multilateral action against the threat. It’s likely a combined effort allowed to push the infamous REvil cartel offline. Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.
An average data breach costs victims $4.24 million per incident, the highest in the 17 years. For example, the average cost stood at $3.86 million per incident last year, putting recent results at a 10% increase.
Reports show that people most vulnerable to cybercrime tend to be adults over 75 and younger adults. Criminals were taking advantage of the uncertainty caused by the pandemic and the flood of new users to digital channels, who were especially susceptible to attack.
More from CyberNews
Subscribe to our newsletter