Hostage and ransom situations have been around since the dawn of time, but the new technology era has brought forth a new form of kidnapping and exploitation — ransomware. Our ever-evolving world means we rely more on online networks to store our information. This makes us vulnerable to a new type of criminal.
These cyber criminals use various tactics to take information hostage and exploit their victims, especially when companies don’t comply quickly enough. However, there are steps that can combat and even prevent malware attacks.
Typical Ransomware Tactics
Ransomware is malware that attacks and takes critical data hostage. Depending on the type and sophistication of malware, it can either attack the entire device or target specific files. After accessing the network, the ransomware spreads and encrypts the victim’s data, and an encryption key is required to unlock or access the information.
Depending on how advanced the malware is, it can either lock the user out of their account completely or deny access to selected parts of the account. There are several types of malware cyberattackers use— ransomware, viruses, scareware, worms and trojan. Cybercriminals could target any business or individual and use ransomware as a means to extort people for money.
Previously, their extortion tactics have mostly been limited to the basics: keeping the encryption key until payment is received, and more recently, threatening to leak private data to the public unless the victim pays. However, as companies continue to fortify their defenses against cyberattacks, criminals are seeking more creative ways to increase the pressure on their victims.
6 Tactics Ransomware Attackers Use
As with most hostage situations, these cyber criminals want something for the safe return of information. To force the victim to comply they employ different scare tactics — from public humiliation to personal attacks. Here are six additional ways ransomware attackers have developed to pressure their victims.
- Changing Passwords
In addition to encrypting data, attackers might choose to change the victim’s passwords, locking them out of their network. This prevents IT workers from attempting to fix or even assess the damage caused by the cyber attack. Faced with the panic of not having access to their accounts, many victims choose to comply with the ransom.
This also provides additional leverage for the attackers, as they can demand a ransom for both the encrypted files and the passwords.
- Technological Contact
Cybercriminals might choose a more personal method of force, such as emails and phone calls. Victims might receive threatening daily emails or phone calls to add more pressure on them to force compliance. This can personalize the attack and make key decision-makers feel much more intimidated.
- Involving Other People
Employees, family members, customers or executives can become victims of the same cybercriminal. Involving the people closest to the target adds more motivation to pay the ransom. The attacker might choose to send sensitive information to one of these people with a message attached that encourages the recipient to demand that the hacked company pay the ransom. When word of an attack spreads to the public and the media, the pressure to pay becomes far more immense.
- Physical Threats
It would be ignorant to believe just because someone is targeting you over cyberspace they are above physical violence. Another way to gain victim compliance is through physical threats. This can be directly aimed at the victim or a loved one.
A less violent but still disturbing physical threat is printing the ransom note on all devices throughout the company. Some ransomware operators will flood a company’s printers with hundreds of copies of the ransom note. Not only does this waste paper, ink, and time, but it also intimidates employees who may in turn put pressure on the company.
- Auctioning or Publishing Stolen Information
This tactic entails the partial publication of ransomed information, emphasizing that the attackers are serious about their threats. Attackers might first leak less sensitive information, but as time goes by the severity of data may increase in order to gain compliance.
Another option attackers use is to auction off the stolen information. They might choose to give a rival business the opportunity to buy the data and in some cases, even with the victim complying, the information could still be auctioned off.
Tips on Protecting Yourself Against Malware Attackers
In today’s technology era, any business can be at risk from cyberattacks and it is essential to have measures in place that protect your organization. With the following precautions, you could lessen your chances of a cyber attack occurring:
- Keep offline back-ups: Offline information is not easily hacked or infected with ransomware.
- Update your systems and software regularly: Frequently updating your software ensures your device or network has the latest software and firewalls available.
- Install malware detectors and anti-virus: These methods can help identify and stop an attack from happening.
- Be careful of what you download: Ensure you trust the site you are downloading from or know the program you are installing. Think twice before allowing third-party websites or apps to change your device settings.
- Limit the sharing of personal or sensitive information: This lowers the possibility of someone accidentally stumbling across sensitive information they could use to exploit you. Having less of an online presence means you are more difficult to be targeted.
How RidgeBot Can Help You
RidgeBot is a software that provides users with peace of mind by allowing them to frequently run security validation tasks. Thanks to RidgeBot’s ease of use, users require little to no training to effectively operate the software. Ensure you protect your business sufficiently by having the proper precautions to stop cyberattacks before they even happen.
About Author
Zachary Amos is the Features Editor at ReHack, where he covers cybersecurity, artificial intelligence, and other trending tech topics. For more of his work, follow him on Twitter or LinkedIn.