Ransomware has been around for quite some time and keeps thriving due to cybercrooks’ ability to evolve and adapt to the ever-changing cybersecurity landscape. What’s worse is that experts predict ransomware attacks will only grow costlier.
Researchers at Sophos detailed the top 10 pressure tactics cybercriminals use to push organizations that fell for their scams to pay the ransom.
What are Ransomware Attacks?
Ransomware is a distinct and potentially catastrophic form of malware rooted in cryptovirology, capable of causing significant financial damage to victims. Hackers use this extortion software to encrypt your data, denying you access to your files or your entire computer, and hand over the decryption key only in exchange for a ransom ranging from a few hundred to thousands of dollars.
Usually, payments to cybercriminals are made through anonymous and untraceable methods, such as Bitcoin.
Ransomware is constantly rewritten and modified by its developers so that typical signature-based antivirus programs fail to detect it.
Depending on how the malware operates, there are two main categories of ransomware:
Locker Ransomware – it affects essential computer functions and locks down the entire device instead of encrypting files. It usually still allows the computer to boot.
Crypto Ransomware – it encrypts individual files and displays an alert demanding that the victim pay a certain amount of money to regain access to their files.
Top 10 Tricks Used To Persuade Victims To Pay The Ransom
In a recent blog post, security firm Sophos shows how ransomware operators are using a wide range of social-engineering tactics to pressure victims into paying up.
The report is based on the experiences of an incident response team that helps companies under cyberattack. The techniques observed range from encrypting data to harassing employees and customers.
“Since organizations have become better at backing up their data and restoring encrypted files from backups, attackers are supplementing their ransom demands with additional extortion measures that increase the pressure to pay,” said the director of Incident Response at Sophos, Peter Mackenzie.
“For example, the Sophos Rapid Response team has seen cases where attackers email or phone a victim’s employees, calling them by their name and sharing personal details they’ve stolen – such as any disciplinary actions or passport information – with the aim of scaring them into demanding their employer pays the ransom. This kind of behavior shows how ransomware has shifted from a purely technical attack targeting systems and data into one that also targets people.”
Here are the top 10 ways hackers scare victims of ransomware attacks into paying up, going from basic to highly sophisticated:
- Stealing data and threatening to publish or auction it online
- Emailing and calling employees, including senior executives, threatening to reveal their personal information
- Notifying or threatening to notify business partners, customers, the media, and more of the data breach and exfiltration
- Silencing victims by warning them not to contact the authorities
- Recruiting insiders to help them breach networks
- Resetting passwords
- Phishing attacks targeting victim email accounts
- Deleting online backups and shadow volume copies
- Printing physical copies of the ransom note on all connected devices, including point of sale terminals
- Launching distributed denial-of-service attacks against the target’s website
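The item about deleting online backups and shadow volume copies is the one on this list that leaves a clear host-level trace, because the operator has to run recovery-inhibition commands before encryption starts. The following is an added example, not code from Sophos or from the original post: a small detector that runs over a constructed, simplified process-creation log (the `time|user|image|command_line` format is an assumption made for the example) and escalates a user who triggers several different rules within a short window, which is the pattern seen immediately before encryption.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample of process-creation events (Sysmon Event ID 1 style, simplified
# to "time|user|image|command_line"). These lines are made up for the example.
SAMPLE_EVENTS = """\
2021-10-28T09:12:01|CORP\\alice|C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt
2021-10-28T09:13:44|CORP\\svc_backup|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe list shadows
2021-10-28T09:14:02|CORP\\svc_backup|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe delete shadows /all /quiet
2021-10-28T09:14:05|CORP\\svc_backup|C:\\Windows\\System32\\wbadmin.exe|wbadmin.exe delete catalog -quiet
2021-10-28T09:14:09|CORP\\svc_backup|C:\\Windows\\System32\\bcdedit.exe|bcdedit.exe /set {default} recoveryenabled no
2021-10-28T09:15:30|CORP\\bob|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"
"""

# Detection rules: (name, regex over the command line). They cover the well-known
# recovery-inhibition commands catalogued under MITRE ATT&CK T1490.
RULES = [
    ("vssadmin shadow deletion", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin shadow storage resize", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic shadow copy deletion", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("Win32_ShadowCopy deletion via PowerShell", re.compile(r"Win32_ShadowCopy.*Delete\(\)", re.I)),
    ("wbadmin catalog deletion", re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I)),
    ("bcdedit recovery disabled", re.compile(r"bcdedit(\.exe)?.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
]


@dataclass(frozen=True)
class Alert:
    time: str
    user: str
    rule: str
    command_line: str


def parse_event(line):
    """Split one event line into its four fields; returns None for malformed lines."""
    parts = line.split("|", 3)
    return parts if len(parts) == 4 else None


def detect_recovery_inhibition(events_text):
    """Return one Alert per event whose command line matches a recovery-inhibition rule."""
    alerts = []
    for line in events_text.splitlines():
        parsed = parse_event(line)
        if parsed is None:
            continue
        time, user, _image, cmdline = parsed
        for name, pattern in RULES:
            if pattern.search(cmdline):
                alerts.append(Alert(time, user, name, cmdline))
                break  # one alert per event is enough for triage
    return alerts


def escalate(alerts, window_seconds=120, min_distinct_rules=2):
    """Map user -> sorted rule names for users who trigger at least min_distinct_rules
    different rules inside window_seconds. A tamper burst like this normally precedes
    encryption, so it deserves a higher severity than any single hit."""
    by_user = {}
    for alert in alerts:
        by_user.setdefault(alert.user, []).append(alert)
    escalated = {}
    for user, user_alerts in by_user.items():
        user_alerts.sort(key=lambda a: a.time)
        times = [datetime.fromisoformat(a.time) for a in user_alerts]
        for i in range(len(user_alerts)):
            rules = set()
            for j in range(i, len(user_alerts)):
                if (times[j] - times[i]).total_seconds() > window_seconds:
                    break
                rules.add(user_alerts[j].rule)
            if len(rules) >= min_distinct_rules:
                escalated[user] = sorted(rules)
                break
    return escalated


if __name__ == "__main__":
    found = detect_recovery_inhibition(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.time} {a.user}: {a.rule} <- {a.command_line}")
    print("escalated:", escalate(found))
```

On the constructed sample the harmless `vssadmin list shadows` produces no alert, the three tamper commands run by `svc_backup` within seven seconds are escalated together, and the single PowerShell hit by `bob` stays a plain alert for analyst review. In a real deployment the same rules would be fed from Sysmon or EDR process telemetry, and backup service accounts that legitimately resize shadow storage should be tuned out per environment rather than globally.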
What Can You Do Against Ransomware Attacks?
“The fact that ransomware operators no longer confine their attacks to encrypting files that targets can often restore from backups, shows how important it is for defenders to take a defense-in-depth approach to security. This approach should combine advanced security with employee education and awareness,” researchers wrote.
Sophos also offers helpful advice on how to protect your company from ransomware attacks:
- Implement a security awareness training program to educate your employees on online threats and how to prevent them
- Make sure your employees can report any fraudulent attempts by establishing a 24/7 contact point
- Introduce measures to identify potential malicious insider activity
- Monitor your network security 24/7
- Shut down internet-facing remote desktop protocol (RDP) to deny hackers access to networks. If users need access to RDP, put it behind a VPN or zero-trust network access connection and enforce the use of Multi-Factor Authentication (MFA)
- Keep regular backups of the most important and current data on an offline storage device. The standard recommendation for backups is to follow the 3-2-1 method: 3 copies of the data, using 2 different systems, 1 of which is offline, and test the ability to perform a restore
- Prevent attackers from getting access to and disabling security: choose a solution with a cloud-hosted management console with multi-factor authentication enabled and Role Based Administration to limit access rights
- Have an incident response plan and update it as needed.
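The 3-2-1 backup rule above is easy to state and easy to drift away from, especially the offline copy and the restore test, which are exactly the controls that online-backup deletion defeats. As an added example (not Sophos guidance or code from the original post), here is a small policy check over a backup inventory; the `BackupCopy` fields and both inventories are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class BackupCopy:
    name: str
    system: str                        # storage system or medium holding the copy
    offline: bool                      # True if unreachable from the production network
    last_restore_test: Optional[date]  # last successful test restore, None if never tested


def check_3_2_1(copies, today, max_restore_age_days=90):
    """Evaluate an inventory against 3-2-1 plus a recent-restore-test requirement.
    Returns named findings, each True when satisfied."""
    systems = {c.system for c in copies}
    tested_recently = [
        c for c in copies
        if c.last_restore_test is not None
        and (today - c.last_restore_test).days <= max_restore_age_days
    ]
    # The offline copy must live on a different system from the online ones,
    # otherwise a compromised backup server takes all copies down together.
    offline_systems = {c.system for c in copies if c.offline}
    online_systems = {c.system for c in copies if not c.offline}
    return {
        "three_copies": len(copies) >= 3,
        "two_systems": len(systems) >= 2,
        "one_offline": len(offline_systems) >= 1 and offline_systems.isdisjoint(online_systems),
        "restore_tested": len(tested_recently) >= 1,
    }


def compliant(findings):
    """True only when every 3-2-1 finding is satisfied."""
    return all(findings.values())


# Constructed inventory that follows the rule: NAS snapshot, off-site object store,
# and an air-gapped tape set, with a restore test inside the last 90 days.
GOOD_INVENTORY = [
    BackupCopy("nightly-snapshot", "NAS", False, date(2021, 10, 1)),
    BackupCopy("offsite-object-store", "S3", False, None),
    BackupCopy("weekly-tape", "LTO tape", True, None),
]

# Constructed inventory that only looks like three backups: all on the same NAS,
# all reachable from the network, never restore-tested.
BAD_INVENTORY = [
    BackupCopy("snapshot-mon", "NAS", False, None),
    BackupCopy("snapshot-tue", "NAS", False, None),
    BackupCopy("snapshot-wed", "NAS", False, None),
]

if __name__ == "__main__":
    today = date(2021, 10, 28)
    for label, inv in (("good", GOOD_INVENTORY), ("bad", BAD_INVENTORY)):
        findings = check_3_2_1(inv, today)
        print(label, findings, "compliant" if compliant(findings) else "NOT compliant")
```

The second inventory is the shape that the "deleting online backups" tactic relies on: three copies that fail every one of the 3-2-1 criteria at once, so a single stolen backup credential removes all of them. Running a check like this against the real backup catalogue on a schedule turns the rule from a slogan into something that raises a ticket when the tape rotation or restore test lapses.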
Most ransomware attacks start with the same infection vector – a phishing email.
ATTACK Simulator’s Security Awareness Training program will help you enrich your employees’ cybersecurity knowledge with up-to-date security best practices to keep your company safe from scammers and avoid potentially irreparable damage.