- Ransomware attacks now often includes more than just encrypting files
- In many cases, the attackers threaten the victims with violence
- They also file reports with the SEC
Ransomware gangs seem to be getting desperate when it comes to getting results, as besides encrypting and leaking data on the web, they’ve also started threatening CEOs with physical violence.
Cybersecurity researchers Semperis claim over the past 12 months, in 40% of ransomware incidents, the CEOs of the affected company were also physically threatened – which rises to 46% among US-based organizations.
But even paying up may not be enough, as the research found more than half (55%) of organizations who paid a demand did so multiple times, with nearly a third (29%) of those firms paying three or more times, and 15% were not even sent decryption keys, or received corrupted keys.
Physical violence
Threatening to file a regulatory complaint also seems to be a popular tactic, Semperis found. It was observed in 47% of attacks, rising to 58% in the US.
In 2023, the infamous BlackCat ransomware group reported one of its victims to the SEC to get them to pay, with this tactic due to growing regulatory requirements around cyber incident reporting, including the SEC’s four-day disclosure rule for publicly traded companies.
Ransomware has been around for more than a decade, and during this time it has evolved multiple times. It started with just encryption, which companies quickly mitigated by keeping offline backups of all the key data.
Criminals then responded by stealing the data first, and threatening to release it on the dark web unless a payment’s made. This strategy, known as “double extortion” works rather well, so well in fact that some criminals abandoned the encryption part altogether and are just focused on stealing files.
However, many companies refuse to budge, forcing the criminals into even bigger extremes.
In some cases, they pair the encryption of the back-end with a Distributed Denial of Service (DDoS) on the front-end, bringing the entire business to a screeching halt. Phone calls to victim organizations were also observed in a couple of cases, and now, we can add physical threats to the mix, as well.
“While some circumstances might leave the company in a non-choice situation, we should acknowledge that it's a downpayment on the next attack,” noted Mickey Bresman, CEO of Semperis.
“Every dollar handed to ransomware gangs fuels their criminal economy, incentivizing them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom,” he commented.