How cybercriminals have expanded their tactics to demand ransom payments

More and more companies and organizations are becoming aware of the damage that a ransomware attack can cause and are paying attention to it. With the rise of these types of cybercrime attacks, organizations around the world are increasingly looking to adopt practices that will make them less vulnerable to an invasion that could lead to the leak or complete loss of confidential data.

But cybercriminals are persistent and are now analyzing stolen data in search of sensitive information that could be used to pressure leaders of organizations into paying, with the aim of fully increasing the amount of ransom money being paid.

This new strategy by cybercriminals has proven to be extremely dangerous as it can put both customers, employees, and employees’ families at risk.

When an attack is successful and data is compromised, the attackers perform an analysis to find information that will help them develop strategies to put pressure on those in positions of command.

Personal documents, intimate photos, and even medical reports are some of the types of content criminals try to find to gain an advantage in extortion scenarios.

Narrative control

A big part of this strategy of analyzing compromised data to find advantages to blackmail victims involves controlling the narrative surrounding the crime.

Because attackers have confidential information, they use it to blame corporate leaders for the chaos created by a ransomware attack, while absolving themselves of any blame as an attempt to justify the invasions due to a lack of command and/or lack of investment in security.

According to a recent study by Sophos, one of the most commonly used methods is to directly pressure collaborators and employees to demand compensation in case their personal data is leaked.

The same goes for customers and trading partners who start demanding ransom payments to prevent contracts and business strategies from being compromised. The idea is always to change the focus of the situation by trying to weaken the efforts to combat criminals and increasing the pressure on third parties to carry out the recovery.

Criminals find that if they can twist the narrative to blame leaders, they stand a much better chance of getting what they are demanding for ransom.

Possible damage

It is crucial to emphasize that this type of pressure exerted by ransomware attackers can cause a lot of damage, not only financially but also to the reputation of the companies and individuals whose data is exposed.

When a company’s security credibility is questioned by employees and partners, it can be difficult to make amends.

I can’t help but mention the potential personal issues that leaking confidential information could create. Sophos, a company I manage in Brazil, revealed that the Qiulong group had published the personal data of a CEO’s daughter, as well as a link to her Instagram profile.

The same research found that mental health records, children’s medical records, information about patients’ sexual problems and nude images have already been leaked in attacks targeting institutions in the health sector.

In addition, there is the possibility that companies could be blamed for the malicious behavior of their employees. Threats to demand ransom are often based on illegal actions taken by employees without the company’s permission.

One example of this was the case of the Monti group, which found an employee of a target company searching for child sexual abuse material and threatened to show it to the police if the organization did not pay a ransom.

How to prevent mugging

More than ever, companies need to invest in strong defense strategies that operate 24/7. It’s important to take a macro view of these threats, as the exposure of confidential information could harm many people involved in a ransomware attack scenario.

The more organizations invest in cybersecurity, such as endpoint solutions and managed detection and response (MDR) services, the more difficult the task of storing data will become, regardless of the industry in which they operate.