Sophos, a global leader in cybersecurity solutions, has released a new dark web report titled “Turning the Screws: The Pressure Tactics of Ransomware Gangs.”
The report details how cybercriminals are weaponizing stolen data to intensify pressure on targets who refuse to pay ransoms.
Their tactics include doxing family members of CEOs and business owners, and threatening to report to authorities any illegal activities discovered in the stolen data.
Sophos X-Ops has uncovered dark web posts where ransomware gangs refer to their targets as “irresponsible and negligent” and, in some cases, encourage individual victims whose personal information was stolen to sue their employers.
“In December 2023, following the MGM casino breach, we noticed ransomware gangs using media as a tool to increase pressure on their victims and control the narrative. They are singling out business leaders they hold responsible for attacks. In one post, attackers published a photo of a business owner with devil horns and their social security number. In another, they encouraged employees to seek compensation from their company and threatened to notify customers, partners, and competitors about data breaches,” said Christopher Budd, director of threat research at Sophos. These tactics heighten the pressure on businesses to pay and worsen reputational damage from attacks.
Sophos X-Ops also found posts by ransomware attackers detailing their plans to leverage stolen data.
For example, the WereWolves ransomware group noted that stolen data undergoes “a criminal legal assessment, a commercial assessment, and an assessment for insider information for competitors.”
The Monti ransomware group found an employee searching for child sexual abuse material and threatened to report this to the police if the company didn’t pay the ransom.
These posts reflect a growing trend of criminals using sensitive data related to employees, clients, or patients for extortion.
Such data includes mental health records, medical records of children, and explicit images of patients. In one case, the Qiulong ransomware group posted personal data of a CEO’s daughter, including a link to her Instagram profile.
“Ransomware gangs are becoming increasingly invasive and bold in their tactics. They’re not just stealing data and threatening to leak it but are actively analyzing it to maximize damage and create new extortion opportunities. Organizations now have to worry about corporate espionage, loss of trade secrets, and illegal activities by employees, in addition to cyberattacks,” said Budd.