Exclusive Report from TechRepublic: Latest Instances of Ransomware Assaults are Becoming More Individualized as Cybercriminals ‘Employ Psychological Tactics’


Experts warn that desperate ransomware attackers are shifting their focus from enterprises to individuals, applying “emotional leverage” with personalized threats that bring online blackmail into the real world. In one striking recent incident, Guy Segal and Moty Cristal from the ransomware mediation and incident response company Sygnia said that a threat actor called a senior executive’s personal cell phone and revealed confidential details obtained from the organization’s internal network.

“In the conversation, personal details were mentioned, highlighting the extent of personal data an employer may have regarding its staff,” Cristal, a tactical mediator, told TechRepublic. “Ransomware hacks go beyond encrypted files; they can invade in various other forms as well.”

Decline in Ransomware Payments, Yet Heightened Threats

Ransomware has been a persistent problem for years, but global payments exceeded $1 billion for the first time in 2023, marking a significant rise in cyber extortion. Attackers have consistently honed their strategies, finding new ways to extract the maximum payment from their targets.

Data released last month indicates that ransomware payments fell by 35% in 2024. Specialists attribute this reduction to successful law enforcement operations and improved cybersecurity practices worldwide, which have enabled more victims to refuse payment demands. In response, attackers are adapting, speeding up negotiations and developing stealthier, harder-to-detect ransomware variants.

High-profile targets are frequently senior executives or people in the legal profession. The stolen personal information may include details about where their children live or go to school, or even photos of loved ones. Cristal said it is “exceedingly uncommon” for an attacker to actually carry out these real-world threats, but the success of the attack hinges on the victim’s belief that they might.

“It can transition into a deeply personal experience to provoke an instinctive response from the victim,” he said. Cristal noted that roughly 70% of ransoms remain unpaid. Most incidents do not have a personal element.

However, when attackers escalate by threatening to disclose sensitive data, they also demonstrate their capabilities to the cybercriminal community. If they do not receive the demanded payment, they can sell the valuable data on the black market for a last-minute profit.

Potential Perils of Applying AI in Ransomware Negotiations

Current ransomware operations are using AI in new ways, with attackers leveraging easily accessible chatbots to create malware, write phishing emails, and generate deepfake videos that deceive individuals into handing over valuable data or money. These tools have lowered the barrier to entry for carrying out a cyber attack. At the same time, Sygnia’s ransomware mediation teams have observed victims attempting to use tools such as ChatGPT to guide them in saying the right things to get out of their predicament.

Thus, negotiators strive to sustain an “approachable” demeanor, Cristal emphasized.

The Discussion Regarding Prohibiting Ransomware Payments

In January, the United Kingdom government proposed banning ransomware payments to make critical industries less appealing to criminals, thereby reducing the frequency and impact of incidents in the country. The ban would apply to all public sector bodies and critical national infrastructure, including NHS trusts, schools, local councils, and data centers.

The Office of Foreign Assets Control has identified several sanctioned ransomware groups associated with Russia or North Korea to which U.S. companies and individuals are legally barred from making ransom payments.

Segal and Cristal argue that prohibiting ransomware payments is not a simple solution, pointing to instances where attacks have both surged and dwindled. While some malicious actors might be deterred, others could be driven to escalate their threats with more aggressive or personalized approaches. Some are motivated by data breaches or system disruption for geopolitical reasons rather than financial gain, and such actors remain unaffected by a ban.

However, the Sygnia mediators concur that bans on ransom payments within governmental bodies yield positive outcomes overall.

“The universal decision to abstain from ransom payments is a luxury that governmental agencies can enjoy,” Segal remarked. “However, this stance is less viable within the corporate realm.”

Indeed, in the documentation outlining the U.K.’s proposed ban, the Home Office acknowledged that the legislation is likely to disproportionately affect small and micro enterprises “that lack the resources for specialized ransomware insurance or remediation experts.” These businesses will find it harder to recover from the financial losses caused by operational disruption and the resulting damage to their reputation.

These consequences might lead some businesses to pay ransoms covertly through intermediaries or digital currencies to sidestep penalties. Paying in this way also benefits the attacker, who receives the payment clandestinely, evades jurisdictional restrictions, and continues operating without fear of detection or repercussions.

If a business is discovered engaging in this conduct, they will naturally face penalties from the government in addition to the ransom payout, exacerbating the detriment to their operations. Conversely, compliance and reporting the incident to the authorities introduce an extra administrative burden that disproportionately affects smaller enterprises.

“This is why there ought to be more measures in place to assist enterprises before they endure the repercussions of a ransomware prohibition,” Segal asserted.

Amir Becker, Sygnia’s Senior Vice President of Global Cyber Services, proposed that in the event governments enforce a ban, they should also:

  • Exempt crucial infrastructure and medical sectors, as withholding the ransom could lead to loss of lives.
  • At the same time, offer incentives to organizations to bolster their cybersecurity stance and response capabilities.
  • Extend financial and technical support to aid companies in recovering from the outcomes of refraining from paying a ransom.

“This equitable strategy can tackle the ransomware menace while diminishing the ancillary harm to businesses and the broader economy,” he told TechRepublic.
