Get the latest tech news

Sophos X-Ops: Ransomware gangs escalating tactics, going to ‘chilling’ lengths

Whether targeting executives' family members or snitching on those that don’t pay, ransomware gangs are taking their tactics to new heights.

To make themselves appear grassroots or altruistic — and apply further pressure — some cybercriminals are also encouraging victims whose personally identifiable information (PII) has been leaked to “partake in litigation.” They also openly criticize their targets as “unethical,” “irresponsible,” “uncaring” or “negligent,” and even attempt to ‘flip the script’ by referring to themselves as “honest…pentesters,” or a “penetration testing service” that conducts cybersecurity studies or audits. Taking this a step further, attackers will name specific individuals and executives that they claim are “responsible for data leakage.” Sophos X-Ops researchers point out that this can serve as a “lightning rod” for blame; cause reputational damage; and “menace and intimidate” leadership. Finally, ransomware gangs aren’t hiding away from the world in dark basements or abandoned warehouses (as is the cliche) — increasingly, they are seeking media attention, encouraging their outreach, touting recent coverage and even offering FAQ pages and press releases.

Get the Android app