10 Ways Ransomware Operators Ramp Up the Pressure to Pay

No photo availableByKevin Namunwa
2 min read
A global cybersecurity firm, Sophos Rapid Response, has detailed top 10 ways ransomware operators ramp up the pressure to pay
It has been based on evidence and insight from Sophos’
It has been based on evidence and insight from Sophos’ Rapid Response team of 24/7 incident responders who help organizations under active cyberattack. It highlights the shift in ransomware pressure techniques from solely encrypting data to including other pain points, such as harassing employees.

A global cybersecurity firm, Sophos Rapid Response, has detailed top 10 ways ransomware operators ramp up the pressure to pay in an article that shows how ransomware attackers are implementing a wide range of ruthless pressure tactics to persuade victims to pay the ransom.

It has been based on evidence and insight from Sophos’ Rapid Response team of 24/7 incident responders who help organizations under active cyber-attack. It highlights the shift in ransomware pressure techniques from solely encrypting data to including other pain points, such as harassing employees.

“The Sophos Rapid Response team has seen cases where attackers email or phone a victim’s employees, calling them by their name and sharing personal details they’ve stolen – such as any disciplinary actions or passport information – with the aim of scaring them into demanding their employer pays the ransom. This kind of behavior shows how ransomware has shifted from a purely technical attack targeting systems and data into one that also targets people,” said Peter Mackenzie, director, Incident Response at Sophos.

 

How Attackers Ramp up the Pressure to Pay

Below are the top 10 ways attackers are increasing pressure on their ransomware victims to get them to pay the ransom:

 

  1. Stealing data and threatening to publish or auction it online
  2. Emailing and calling employees, including senior executives, threatening to reveal their personal information
  3. Notifying or threatening to notify business partners, customers, the media, and more of the data breach and exfiltration
  4. Silencing victims by warning them not to contact the authorities
  5. Recruiting insiders to help them breach networks
  6. Resetting passwords
  7. Phishing attacks targeting victim email accounts
  8. Deleting online backups and shadow volume copies
  9. Printing physical copies of the ransom note on all connected devices, including point of sale terminals
  10. Launching distributed denial-of-service attacks against the target’s website

Sophos Rapid Response has explained each tactic in more detail, with examples of ransomware groups that have deployed that tactic. The article also includes advice on what defenders can do to protect their organization and employees from attacker behaviors and cyber-threats in general.

Leave a Reply

Your email address will not be published.

Do you have a story that you think would interest our readers? Write to us editorial@cioafrica.co