Turning the Screws:
Pressure Tactics of Ransomware Gangs
Ransomware groups weaponize stolen data to increase pressure on targets who refuse to pay. Their tactics take many forms, including threats to reveal compromising information about the entity or doxing high-ranking employees or elected officials and their families. Doxing involves sharing personal or confidential details of the targeted individuals on the Internet. This information can then be used to harass individuals, ranging from public shaming to identity theft.
In a recent report, Sophos Inc. shared posts found on the dark web that show how ransomware gangs refer to their targets as “irresponsible and negligent,” and in some cases, encourage individual victims whose personal information was stolen to pursue litigation against their employer.
In December 2023, in the wake of the MGM casino breach, Sophos began taking note of ransomware gangs’ propensity to turn the media into a tool they can use to pressure their victims and take control of the narrative, shifting the blame. The gangs are singling out business leaders they deem ‘responsible’ for the ransomware attack at targeted entities. They create a lightning rod by posting photos of a business owner or public official with devil horns–and including their social security number. Another post encouraged employees to seek ‘compensation’ from their employer for leaked data.
Multiple posts were found in which ransomware attackers used leverage from stolen data when the targeted entities did not pay. Examples of such were the sharing of insider information with competitors or sharing highly questionable internet searches with the police.
Broader trends are seen of criminals seeking to extort companies with sensitive data related to employees, clients, or patients–including mental health records, medical records of children, “information about patients’ sexual problems” and “images of nude patients.” They are not just stealing data and threatening to leak it, but actively seeking to maximize damage and find opportunities for extortion. Along with the loss of data, corporations and entities now worry about personal information, loss of trade secrets, and illegal activity by employees.