“Since organizations have become better at backing up their data and restoring encrypted files from backups, attackers are supplementing their ransom demands with additional extortion measures that increase the pressure to pay,” said Peter Mackenzie, director, Incident Response at Sophos. “For example, the Sophos Rapid Response team has seen cases where attackers email or phone a victim’s employees, calling them by their name and sharing personal details they’ve stolen – such as any disciplinary actions or passport information – with the aim of scaring them into demanding their employer pays the ransom. This kind of behavior shows how ransomware has shifted from a purely technical attack targeting systems and data into one that also targets people.” The article includes a recorded voicemail that a SunCrypt ransomware affiliate left for an employee of a targeted organization (published with the permission of the affected organization.) How Attackers Ramp up the Pressure to Pay Below are the top 10 ways attackers are increasing pressure on their ransomware victims to get them to pay the ransom: The article explains each tactic in more detail, with examples of ransomware groups that have deployed that tactic. The article also includes advice on what defenders can do to protect their organization and employees from attacker behaviors and cyberthreats in general. Further information on attacker behaviors, real-world incident reports and advice for security operations professionals is available on Sophos News SecOps. Tactics, techniques and procedures (TTPs), and more, for different types of ransomware are available on SophosLab Uncut, the home of Sophos’ latest threat intelligence.
