10 ways ransomware attackers pressure you to pay the ransom

Image: Shutterstock/Vchal

Cybercriminals who employment ransomware person gotten overmuch bolder successful caller years. Beyond stealing delicate data, specified criminals volition crook to a assortment of tactics to further transportation the unfortunate to wage the ransom. A new study from information steadfast Sophos look astatine 10 ways attackers unit organizations to wage the demanded ransom. The study besides includes recommendations connected however to support yourself against these types of attacks.

SEE: Security incidental effect policy (TechRepublic Premium)

In the past, ransomware was a comparatively straightforward matter. An attacker would breach an enactment and encrypt captious data. Without a reliable oregon caller backup, that enactment would person fewer options different than to wage the ransom successful the hopes that the information would beryllium decrypted.

Now, however, organizations person gotten much diligent astir backing up important data, which means they whitethorn beryllium little apt to wage the ransom. As a result, cybercriminals person turned to much assertive and forceful tricks to request that the ransom beryllium paid.

1. Vowing to publically merchandise the data. One communal maneuver employed by attackers is the double-extortion ploy. In this case, the transgression vows to people oregon adjacent auction the information online unless the ransom is paid. Even if the unfortunate has reliable backups, they whitethorn consciousness unit to wage the ransom alternatively than hazard embarrassment and imaginable ineligible repercussions if the information is leaked.
2. Contacting employees directly. To further unit an organization, attackers volition interaction elder executives and different employees to pass them that their ain idiosyncratic information volition beryllium leaked if the ransom isn't paid.
3. Contacting partners, customers and the media. In different cases, the attackers volition scope retired to concern partners, customers and adjacent the media and archer them to impulse the victimized enactment to pay.
4. Warning victims not to interaction instrumentality enforcement. Many organizations volition interaction instrumentality enforcement officials oregon different parties to question their assistance successful resolving the incident. Such a determination could assistance the unfortunate retrieve their information without paying the ransom oregon enactment the attacker successful the crosshairs of instrumentality enforcement. Fearing these outcomes, galore criminals volition pass their victims to support silent.
5. Enlisting insiders. Some criminals volition effort to person employees oregon insiders to assistance them infiltrate an enactment to transportation retired a ransomware attack. In return, the attackers committedness the insider a information of the ransom payment. The anticipation is that they'll find immoderate disgruntled oregon dishonest worker who volition willingly exploit their ain employer.
6. Changing passwords. After the archetypal attack, galore ransomware operations volition acceptable up a caller domain admin relationship done which they alteration the passwords for each different admin accounts. Doing truthful prevents the different administrators from logging into the web to resoluteness the occupation oregon reconstruct the encrypted files from backups.
7. Launching phishing campaigns. In 1 incidental noted by Sophos, attackers sent phishing emails to employees to instrumentality them into moving malware that provided afloat entree to their emails. The attackers past utilized those compromised accounts to interaction the IT, legal, and information teams to pass of much attacks if the ransom wasn't paid.
8. Deleting backups. As ransomware attackers hunt done the web of a victim, they'll look for immoderate backups of delicate data. They'll past delete those backups oregon uninstall the backup software. In 1 lawsuit described by Sophos, the attackers utilized a compromised admin relationship to interaction the big of the victim's online backups and told them to delete the offsite backups.
9. Sending carnal copies of the ransom note. Some criminals volition inundate the victim's offices and employees with carnal copies of the ransom enactment sent to connected printers and constituent of merchantability terminals.
10. Launching Distributed Denial-of-Service attacks. Several ransomware gangs person turned to DDoS attacks to effort to person stubborn victims to wage the ransom. Such attacks not lone overwhelm the organization's web servers but besides distract IT and information staffers with yet different problem.

SEE: Ransomware attack: Why a tiny concern paid the $150,000 ransom (TechRepublic)

To assistance support your enactment against ransomware attacks, Sophos offers respective tips.

• Set up a grooming programme for your employees to assistance them admit the benignant of emails that attackers usage and the demands they mightiness marque arsenic portion of a ransomware attack.
• Establish a 24/7 interaction constituent for your employees to study immoderate suspicious enactment connected the portion of a imaginable attacker.
• Implement a process to scan for imaginable malicious insider activity, specified arsenic employees who effort to summation entree to unauthorized accounts oregon assets.
• Constantly show your web information and enactment the five aboriginal signs an attacker is present to thwart ransomware attacks earlier they bash damage.
• Disable immoderate instances of internet-facing distant desktop protocol (RDP) to forestall attackers from accessing your network. If employees request distant entree to an interior system, enactment it down a VPN oregon a zero-trust transportation and beryllium definite that multi-factor authentication is successful effect.
• Regularly backmost up your captious information and support astatine slightest 1 backup lawsuit offline. Adopt the 3-2-1 method for backups. That means backing up 3 copies of the information utilizing 2 antithetic systems, 1 of which is offline.
• To halt attackers from disabling your security, crook to a merchandise with a cloud-hosted absorption console that offers MFA and role-based medication to restrict access.
• Set up an effectual incident effect plan and update it arsenic needed.

Also see

• Infographic: The 5 phases of a ransomware attack (TechRepublic)
  
• Ransomware attackers are present utilizing triple extortion tactics (TechRepublic)
• SolarWinds attack: Cybersecurity experts stock lessons learned and however to support your business (TechRepublic)
  
• How to forestall different Colonial Pipeline ransomware attack (TechRepublic)
  
• Cybersecurity exertion is not getting better: How tin it beryllium fixed? (TechRepublic)  
  
• Identity theft extortion policy (TechRepublic Premium)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)