In the early years of ransomware, the targets were regular web users who were randomly attacked and blackmailed into paying small sums for the decryption of their encrypted personal files. However, nowadays, cybercriminals work on a bigger scale and target big enterprises globally in an attempt to extort millions in ransom for the recovery of sensitive business and customer data.
Management-specific data is the new target
Security experts who are observing this trend describe it as the inevitable evolution of these blackmail tactics. A new pattern has arisen in ransomware circles where data is stolen from workstations used by top management so that the accessed “juicy” details can later be used to pressure the attacked organization to agree to large ransom payments. The ransomware gangs typically hack business networks, snatch classified data, encrypt files, and leave ransom-demanding notes on the compromised machines.
Recently, some threat actors have started to specifically seek access to highly important data available only to top managers in targeted companies. The malware operators that apply this tactic search the files and emails of managers and top executives of the attacked organization and exfiltrate details that they feel may be of great importance and could be used to directly harm the company’s reputation, cause embarrassment, and put pressure on the management to accept the demanded ransom payment.
The managers are the logical target since they are the same people who are typically in charge of agreeing to ransom demands when a company is hit by a ransomware attack.
Clop ransomware gang is fine-tuning the new tactic
Security analysts have seen this strategy being adopted by operators of the Clop ransomware, a popular ransomware strain that has been in the wild for a while. However, it cannot be ruled out that the same tactic could easily be adopted by operators of other ransomware strains.
The Clop ransomware gang has been fine-tuning its technique over the last couple of months, as several victims of the Clop ransomware have already been blackmailed into paying huge ransoms to regain access to management-specific data.
Other techniques that have also been used by ransomware threat actors include abusive and intimidating telephone calls to managers and employees as well as clients and business partners, Facebook advertising, and threats to publish stolen data on data leak websites or expose the “dirty laundry” of attacked businesses online.
Malware groups may often bluff about the importance of the accessed data
New tactics like this one, which help to raise ransom money, are expected to be quickly adopted by various ransomware gangs. However, security professionals remind us that, very often, the data used in these blackmail strategies directed at an organization's management is not as valid or as sensitive as the cybercriminals claim. Malware groups are not always capable of getting their hands on confidential details or critical business information despite all the intrusion techniques they make use of. Still, that doesn’t stop them from claiming anything, as long as it will make them money. With this in mind, it is best to always seek professional help and take precautions by applying the recommended security measures needed to protect your business.