Several cyber attackers have been weaponizing personal data as a means to pressure targets into paying a ransom, a recent report by cybersecurity provider Sophos said.
According to Sophos, business owners and employees have suffered data breaches and other forms of blackmailing by cybercriminals, including threats of exposing illegal business activities and forcing workers to pursue litigation against their employers.
“Ransomware gangs are becoming increasingly invasive and bold about how and what they weaponize. Compounding pressure for companies, they’re not just stealing data and threatening to leak it, but they’re actively analyzing it for ways to maximize damage and create new opportunities for extortion,” Sophos Threat Research Director Christopher Budd said.
The ransomware groups have allegedly performed different methods of cyber extortion that can be found on the dark web, which sought to “manipulate narratives” by blaming ransomware attacks on business leaders they target.
In the report titled “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” Sophos showed that the cybercriminals have published a photo of a business owner with devil horns, along with their social security number.
The cybersecurity provider also found other posts by hackers revealing their schemes to defame workers by stealing data that could be used as “leverage” if companies refuse to pay.
Ransomware group Monti, for instance, caught an employee searching for child sexual abuse content and threatened to report it to authorities if the company failed to shell out a ransom.
“These efforts create a lightning rod for blame, increasing the pressure on businesses to pay up and potentially exacerbating the reputational damage from an attack,” Budd said.
Other sensitive data, such as health documents relating to mental health and sexual problems, medical records of children, and pictures of nude patients have also been used to extort companies.
Established in 1985, Sophos has protected over 600,000 organizations and more than 100 million users from cyberthreats globally, such as active adversaries, ransomware, phishing and malware through its security operations platform, threat hunting and remediation.
