The leader of next-generation cybersecurity, Sophos, has published an article highlighting the pressure methods ransomware attackers use to persuade their victims to pay the ransom. Compiled with evidence and observations from Sophos incident response teams that assist organizations under active cyberattack, the article reveals that ransomware no longer just encrypts data, but uses different techniques to force victims to pay ransom. The article also includes a voicemail recording left by the cyber attackers behind the SunCrypt ransomware to employees of one of the target organizations.
Peter Mackenzie, Director of Incident Response at Sophos, said: “As organizations become accustomed to backing up data and improve their ability to recover encrypted files using their backups, attackers are now resorting to extortion techniques to meet ransom demands. “This type of behavior shows that ransomware is no longer a technical type of attack, but a broader type of attack targeting employees and their personal data.”
How Attackers Force Victims to Pay
According to Sophos, the top 10 methods attackers use to pressure institutions to pay the ransom are as follows:
- After stealing data, they threaten to publish it online or sell it at auction.
- They intimidate employees, including senior managers, by e-mailing and calling, revealing their personal information.
- They say they will notify their business partners, customers or media that their company has been hacked and their data has been stolen.
- They pressure their victims not to apply to official authorities.
- They infiltrate networks by collaborating with some employees inside.
- They are resetting passwords.
- They send phishing messages to victims’ email addresses.
- They are deleting online backups and shadow copies.
- They are printing ransom notes from all connected devices including sales terminals.
- By performing DDoS attacks against the target website, they take the site out of service.
The article explains each tactic in detail, with examples of ransomware groups using these tactics. The article also includes advice on what corporate security experts can do to protect their organizations and employees from attackers and cyber threats.
You can find more information on the behavior of cyber attackers, cyber incidents and advice that security operations experts can benefit from at Sophos News SecOps.
For more information on the different types of ransomware, the tactics, techniques and procedures they use, you can visit SophosLab Uncut.
30323
