CYBERCRIMINALS are no longer content with merely encrypting data and demanding payment; they are now actively weaponizing stolen information to exert maximum pressure on their victims.
A Sophos report entitled “Turning the Screws: The Pressure Tactics of Ransomware Gangs” details how these groups are exploiting sensitive data to coerce companies into paying ransoms. These tactics include not only threatening to leak stolen data publicly but also using it for further extortion. This could involve sharing contact details of CEOs and business owners, exposing personal information of employees or clients, and even threatening to report any illegal activities discovered within the stolen data to authorities.
The Sophos X-Ops team, which conducted the research, found multiple instances of ransomware attackers explicitly outlining their plans to scrutinize stolen data for potential leverage. For instance, the WereWolves ransomware group stated its intent to subject any stolen data to “a criminal legal assessment, a commercial assessment, and an assessment in terms of insider information for competitors.” Another group, Monti, threatened to expose an employee’s alleged illegal activity if the targeted company refused to pay the ransom.
These tactics align with a broader trend of ransomware gangs seeking to exploit increasingly sensitive data. The report documents instances where criminals have threatened to release mental health records, medical records of children, and even explicit images of patients. In one particularly disturbing case, the Qiulong ransomware group posted the personal data of a CEO’s daughter, along with a link to her Instagram profile.
This escalation in pressure tactics marks a significant shift in the ransomware landscape. Organizations now not only risk losing valuable data but also face the potential exposure of sensitive and deeply personal information. This can lead to severe reputational damage, financial losses, and even legal repercussions.
“Ransomware gangs are becoming increasingly invasive and bold about how and what they weaponize,” warns Christopher Budd, Director of Threat Research at Sophos. “Organizations have to not only worry about corporate espionage and loss of trade secrets or illegal activity by employees, but also about these issues in conjunction with cyberattacks.”