How ransomware crews pile on the pressure to get victims to pay

The tactics and techniques ransomware gangs use to pressure their victims into paying go beyond the familiar threat of posting stolen data online or selling it to others, according to new information from the Sophos Rapid Response team.

Sophos researchers want to highlight how ransomware extortion techniques have evolved from data encryption alone to a range of other methods. Peter Mackenzie, director of incident response at Sophos, said it is becoming increasingly common for ransomware gangs to supplement their demands with additional extortion measures, as many organizations have much better protected and defended their data.

“The Sophos Rapid Response team have seen cases where attackers email or phone a victim’s employees, calling them by name and sharing personal information they stole, such as disciplinary action or passport information, in an attempt to scare them and demand their employer pay the ransom,” Mackenzie said.

This type of behavior shows how ransomware has grown from a purely technical attack, targeting systems and data, to an attack that also targets people.

Data theft and leakage remain by far the most common tactic – indeed, it is safer to assume that if you have suffered a ransomware attack, you are also on the verge of suffering a major data breach. However, there are signs that ransomware gangs are now specifically exfiltrating data that is likely to cause the most damage. A recent Sophos investigation into a Conti attack on a transport logistics company found that the stolen data included details of active road crash investigations, including driver names and even fatalities.

The second most common tactic used today is to email and call employees of the victim organization and threaten to reveal their personal information – a technique favored by Conti, Maze, REvil, and script.

Related to this, the third most popular tactic is to contact people or organizations whose contact details are held by the victim to scare them and urge them to pay to protect their information – Cl0p and REvil have enthusiastically taken this approach. … the media. Mackenzie said this would likely prevent victims from seeking help that would allow them to bypass the ransom payment, but also because, in recent months, many gangs have become more concerned with their image.

Earlier in October, frustrated by the leak of, or researchers via VirusTotal, and would disclose their data. In any event.

A newer technique that is rapidly gaining popularity is to recruit insiders into the target organization to enable ransomware attacks against others in exchange for a share of the profits. In a case reviewed by Sophos, the LockBit 2.0 team actually ran an advertisement in their ransom note, looking for people to help them attack the victim’s third-party vendors and partners.

Some of the other common pressure tactics currently in use could be viewed as somewhat punitive measures designed to increase the likelihood of ransom payment by causing further frustration. These include resetting domain administrator passwords to lock out legitimate IT staff trying to log in and resolve the issue, deleting any connected backups they can find, launching Distributed Denial of Service (DDoS) attacks on the target’s websites, and even commandeering all desktop printers to continuously print copies of the ransom note.
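Two of the tactics above, mass resets of privileged account passwords and deletion of backups or shadow copies, leave clear traces in Windows security logging. As an added example (not from Sophos or this article), here is a small Python detector run over constructed sample events; the host names, account names and the simplified event-line format are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample Windows Security events (simplified one-line format, not real logs):
# 4724 = an attempt was made to reset an account's password
# 4688 = a new process has been created
SAMPLE_EVENTS = [
    "2021-10-29T02:11:03 host=DC01 id=4724 subject=svc_backup target=Administrator",
    "2021-10-29T02:11:05 host=DC01 id=4724 subject=svc_backup target=da_jsmith",
    "2021-10-29T02:11:08 host=DC01 id=4724 subject=svc_backup target=da_rlee",
    "2021-10-29T02:12:40 host=FS01 id=4688 subject=svc_backup cmd=vssadmin.exe delete shadows /all /quiet",
    "2021-10-29T02:13:02 host=FS01 id=4688 subject=svc_backup cmd=wbadmin.exe delete catalog -quiet",
    "2021-10-29T09:15:00 host=DC01 id=4724 subject=helpdesk1 target=user_amy",
]

# Hypothetical privileged accounts; in practice pull these from the Domain Admins group.
PRIVILEGED = {"Administrator", "da_jsmith", "da_rlee"}

# Command lines commonly used to destroy backups and Volume Shadow Copies.
BACKUP_KILLERS = re.compile(
    r"vssadmin\.exe\s+delete\s+shadows|wbadmin\.exe\s+delete|shadowcopy\s+delete", re.I)

LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) id=(?P<id>\d+) subject=(?P<subject>\S+) "
    r"(?:target=(?P<target>\S+)|cmd=(?P<cmd>.+))$")


def detect(events, reset_threshold=2):
    """Return alerts for bursts of privileged password resets and backup deletion.

    A production detector would also window the resets by time; this version
    simply counts privileged resets per acting account over the given events.
    """
    resets = defaultdict(list)
    alerts = []
    for line in events:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        f = m.groupdict()
        if f["id"] == "4724" and f["target"] in PRIVILEGED:
            resets[f["subject"]].append(f["target"])
        elif f["id"] == "4688" and f["cmd"] and BACKUP_KILLERS.search(f["cmd"]):
            alerts.append(("backup_deletion", f["subject"], f["host"], f["cmd"]))
    for subject, targets in resets.items():
        if len(targets) >= reset_threshold:
            alerts.append(("admin_reset_burst", subject, sorted(set(targets))))
    return alerts
```

Run against the sample, the same service account both resets three domain admin passwords and wipes shadow copies within two minutes, which is exactly the lock-out-and-destroy pattern the article describes.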

“The fact that ransomware operators no longer limit their attacks to encrypting files that targets can often restore from backups shows how important it is for defenders to take a defense-in-depth approach to security,” Mackenzie said. “This approach should combine advanced security with employee education and awareness.”
