This is how ransomware hackers are putting pressure on victims

    So far we have discussed at length how ransomware spreads, how it affects victims and the ransom demands hackers make of them. Now, let's shift the focus to a less discussed topic: how ransomware attackers make victims bow to their demands.

    Publicly releasing data- Most ransomware gangs, such as REvil and Conti, first steal data from the victim's database and then lock it down with encryption until a ransom is paid, pressuring the victim with the threat of releasing the stolen data on the dark web.

    Communicating with employees- As soon as an organization is targeted, the employees in the breached network are contacted and threatened that their personal data will also be sold on the dark web if their company cannot pay the ransom.

    Contacting Partners, Customers and the Media- Gangs spreading REvil ransomware have been seen contacting the partners, customers and media contacts of the victimized company and urging them to pressure it to pay up. Otherwise, they directly threaten to embarrass the ransomware-hit company further.

    Victims are told to avoid law enforcement- In almost any kind of crime, the criminals (cyber crooks in this case) threaten victims not to contact law enforcement, claiming it could lead them to more trouble. Ransomware criminals likewise warn victims against contacting law enforcement.

    Luring an insider- While launching a ransomware attack, threat actors, especially those from the Conti ransomware gang, have been seen convincing employees or insiders to join hands in infiltrating an organization. In return, they promise the insider a portion of the ransom payment.

    Taking hold of the victimized database at the admin level- As soon as a gang spreading file-encrypting malware takes hold of a database, it immediately revokes all admin privileges on the database and prevents admins from logging into the network by changing their passwords.

    Backup deletion- Some cyber criminals are so sophisticated that they delete all the backups of the sensitive data, leaving the victim with no option but to pay up.

    Selling the stolen data- Even if the victim pays the ransom, there is a high probability that the gang will keep a copy of the data on its server and sell it a few days or months after returning the decryption key to the victim.

    Infiltrating the database twice or thrice- Some ransomware gangs make a practice of infiltrating a database twice or thrice and locking it up with malware each time. So, victimized companies should fix the flaws that led to the malware infection.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.