- Ransomware attacks now often include more than encrypt files
- In many cases, attackers threaten victims violently
- They also present reports before the SEC
Ransomware gangs seem to be desperate when it comes to obtaining results, since in addition to encrypting and filtering data on the web, they have also begun to threaten CEO with physical violence.
Cybersecurity researchers who claim in the last 12 months, in 40% of ransomware incidents, the CEO of the affected company were also physically threatened, which increases to 46% among organizations based in the United States.
But even paying may not be sufficient, since the investigation found that more than half (55%) of the organizations that paid a demand made it several times, with almost a third (29%) of those companies that paid three or more times, and 15%were not even sent to deciphered keys, or received corrupt keys.
Physical violence
Threatening to present a regulatory complaint also seems to be a popular tactic, according to Semperis. It was observed in 47% of the attacks, increasing 58% in the United States.
In 2023, the infamous Ransomware Blackcat group reported one of its victims to the SEC to pay, with this tactic due to the growing regulatory requirements around the reports of cyber incidents, including the four -day dissemination rule of the SEC for companies that quote on the stock market.
Ransomware has existed for more than a decade, and during this time it has evolved several times. It started with only encryption, which companies mitigated quickly by maintaining offline backups of all key data.
Then, the criminals responded by stealing the data first and threatening to release them in the dark network unless a payment is made. This strategy, known as “double extortion” works quite well, so well that some criminals abandoned the encryption part completely and focus on stealing files.
However, many companies refuse to move, forcing criminals to even larger extremes.
In some cases, they combine back-end encryption with a distributed denial of service (DDOS) in the front-end, which stops the entire business. Telephone calls were also observed to victims organizations in a couple of cases, and now we can also add physical threats to the mixture.
“While some circumstances could leave the company in a situation of non -selection, we must recognize that it is an initial payment in the next attack,” said Mickey Bresman, CEO of Semperis.
“Every dollar delivered to ransomware gangs feeds their criminal economy, encouraging them to hit again. The only real way to break the scourge of ransomware is to invest in resistance, creating an option not to pay the rescue,” he said.
