- Ransomware -attacks now often include more than just encryption of files
- In many cases, attackers threaten the victims with violence
- They also archive reports to SEC
Ransomware -Bands appear to be desperate when it comes to results, which, in addition to encrypting and leaking data on the web, they have also begun to threaten CEOs with physical violence.
CyberSecurity -Scientists Semperis claim over the past 12 months, in 40% of ransomware events became CEOs of the affected company also physically threatened -which increases to 46% among the US -based organizations.
But even paying up may not be enough when the research found more than half (55%) of organizations paying a claim, it did several times, with almost a third (29%) of these companies paying three or more times and 15%were not even sent decrypt keys or received corrupt keys.
Physical violence
Threatening to file a legislative complaint also seems to be a popular tactic, found semperis. It was observed in 47% of the attacks and increased to 58% in the United States.
By 2023, the notorious Blackcat Ransomware Group reported one of its victims to SEC to make them pay, with this tactic due to growing legislative requirements on cyber event reporting, including SEC’s four-day disclosure rule to publicly traded companies.
Ransomware has been around for more than a decade, and during this period it has evolved several times. It started with just encryption that companies quickly diminished by keeping offline backups of all the most important data.
Criminals then responded by stealing the data first and threatening to release them on the dark web unless a payment is made. This strategy, known as “double extortion”, works pretty well, so good actually that some criminal abandoned encryption part is completely focused on stealing files.
However, many companies refuse to bend and force criminals into even greater extremes.
In some cases, they mate the encryption of back-end with a distributed denial of service (DDOS) on the front end, bringing the entire company to a screaming stop. Phone calls to victim organizations were also observed in a few cases, and now we can also add physical threats to the mixture.
“While some circumstances may be leaving the company in a non-choice situation, we must acknowledge that it is a down payment of the next attack,” noted Mickey Bresman, CEO of Semperis.
“Every dollar handed over to ransomware -band burns their criminal economy and encourages them to strike again. The only real way of breaking ransomware -wrap is to invest in resilience and create an opportunity not to pay ransom,” he commented.
