web analytics

How Ransomware Groups Weaponize Stolen Data – Source: www.databreachtoday.com

Rate this post

Source: www.databreachtoday.com – Author: 1

Fraud Management & Cybercrime
,
Ransomware

Attackers Are Turning Up the Heat on Targets Who Won’t Pay

Christopher Budd


September 2, 2024    

How Ransomware Groups Weaponize Stolen Data

In the wake of the MGM casino breach in December 2023, Sophos X-Ops began analyzing ransomware gangs’ propensity to turn the media into a tool they can use to not only increase pressure on their victims but to take control of the narrative and shift the blame.

See Also: How to Unlock the Power of Zero Trust Network Access Through a Life Cycle Approach

Ransomware gangs are becoming increasingly invasive and bold about how and what they weaponize. Compounding pressure for companies, they’re not just stealing data and threatening to leak it – they’re actively analyzing it for ways to maximize damage and create new opportunities for extortion. This means that organizations have to not only worry about corporate espionage and loss of trade secrets or illegal activity by employees, but also about these issues in conjunction with cyberattacks.

Gangs have singled out business leaders they deem “responsible” for the ransomware attack at the companies they target. In one post we found, the attackers published a photo of a business owner with devil horns, along with their Social Security number. In another post, the attackers encouraged employees to seek “compensation” from their company, and in other cases, the attackers threatened to notify customers, partners and competitors about data breaches. These efforts create a lightning rod for blame, increasing the pressure on businesses to pay up and potentially exacerbating the reputational damage from an attack.

Sophos also found multiple posts by ransomware attackers detailing their plans to search for information within stolen data that could be used as leverage if companies don’t pay. In one post, the WereWolves ransomware actor says that any stolen data is subject to “a criminal legal assessment, a commercial assessment and an assessment in terms of insider information for competitors.” The ransomware group Monti claimed that it found an employee at a targeted company searching for child sexual abuse material and threatened to give the information to the authorities if the company didn’t pay the ransom.

These posts align with a broader trend of criminals seeking to extort companies that have sensitive data relating to employees, clients or patients, including mental health records, the medical records of children, “information about patients’ sexual problems” and “images of nude patients.” In one case, the Qiulong ransomware group posted the personal data of a CEO’s daughter, as well as a link to her Instagram profile.

Ransomware attackers are no longer simply hacking networks and systems – they’re attempting to “hack” the public narrative. We saw this with the MGM hack and in the MOVEit attacks by Cl0P, when the group attempted to “set the record straight” about purported inaccuracies in the media’s coverage of the attacks. For these threat groups, there are several benefits to engaging with the press. It’s an ego boost for them, it improves their notoriety and it makes them a more desirable “employer” for criminals. It has also shown to be an effective method for pressuring victims.

We’re likely to see ransomware groups more directly engaging with the press in the future. In our research, we saw groups such as Cl0P and Royal use press releases to “rebrand” their activities into “security services.” We’re not sure why; it could be a recruitment tactic or an attempt to improve their public image. Regardless, it demonstrates these threat groups’ concerted efforts to shape public perception. It’s important that defenders do not give in to the attackers’ desire for attention. We need to focus on the tactics, techniques and procedures of the attacks, to provide better defense rather than learn who was behind the attack.

Read the full report, “Turning the Screws: The Pressure Tactics of Ransomware Gangs” on Sophos.com.

Original Post url: https://www.databreachtoday.com/blogs/how-ransomware-groups-weaponize-stolen-data-p-3702

Category & Tags: –

Views: 2

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post