iTnews Asia
  • Home
  • News
  • Security

Ten pressure tactics by ransomware attackers

Ten pressure tactics by ransomware attackers

The new pressure tactics highlight the shift in ransomware pressure techniques from solely encrypting data to including other pain points, such as harassing employees.

By iTnews Asia Team on Nov 8, 2021 11:52AM

With ransomware attacks on the rise and reaching a peak in forced payments this year, this new form of cyber scourge is now a global problem that organisations cannot ignore.

To raise more awareness, Sophos’ Rapid Response – a team of 24/7 incident responders who are helping organisations cope with active cyber attacks – has detailed 10 tactics ransomware attackers are deploying to persuade victims to pay the ransom:

  1. Stealing data and threatening to publish or auction it online
  2. Emailing and calling employees, including senior executives, threatening to reveal their personal information
  3. Notifying or threatening to notify business partners, customers, the media, and more of the data breach and exfiltration
  4. Silencing victims by warning them not to contact the authorities
  5. Recruiting insiders to help them breach networks
  6. Resetting passwords
  7. Phishing attacks targeting victim email accounts
  8. Deleting online backups and shadow volume copies
  9. Printing physical copies of the ransom note on all connected devices, including point of sale terminals
  10. Launching distributed denial-of-service attacks against the target’s website

“Since organisations have become better at backing up their data and restoring encrypted files from backups, attackers are supplementing their ransom demands with additional extortion measures that increase the pressure to pay,” said Peter Mackenzie, director, Incident Response at Sophos.

“The Sophos Rapid Response team has seen cases where attackers email or phone a victim’s employees, calling them by their name and sharing personal details they’ve stolen – such as any disciplinary actions or passport information – with the aim of scaring them into demanding their employer pays the ransom. This kind of behaviour shows how ransomware has shifted from a purely technical attack targeting systems and data into one that also targets people.”

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
© iTnews Asia
Tags:
ransomware security

Related Articles

  • Your organisation’s physical security can be a gateway for cybercriminals
  • The best way to outsmart your threat actors is to think like one
  • How cybercriminals are exploiting LLMs to harm your business
  • Is identity now the next parameter of cybersecurity breaches?
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Your organisation’s physical security can be a gateway for cybercriminals

Your organisation’s physical security can be a gateway for cybercriminals

The best way to outsmart your threat actors is to think like one

The best way to outsmart your threat actors is to think like one

TETRA radio protocol found to be vulnerable

TETRA radio protocol found to be vulnerable

PhilHealth estimates 13 to 20 million members affected by data breach

PhilHealth estimates 13 to 20 million members affected by data breach

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.