Ransomware evolves from mere extortion to “psychological attacks” • The Register

RSAC Ransomware infections have become a “psychological attack on the victim’s organization” as criminals use increasingly personal and aggressive tactics to force victims to pay, according to Google-owned Mandiant.

“We’ve seen situations where threat actors have essentially swapped the phones of executives’ children and started making calls to executives from their children’s phone numbers,” Mandiant CTO Charles Carmakal said during a Google Security Threat Intelligence Panel This year’s RSA conference will take place on Monday in San Francisco.

“Think about the psychological dilemma that the manager experiences – when he sees a call from the children, picks up the phone and hears that it is someone else’s voice? Sometimes it’s a fake caller ID. Another time we see family members replacing the SIM card.” ” Either way, it’s terrible.

Seeing a call from the children, picking up the phone and hearing that it is someone else’s voice…

This is the next step in the evolution of ransomware tactics, which have now gone far beyond simply encrypting victims’ files and even stealing their data.

In recent years we have seen attacks in which ambulances were diverted, patients were denied access to vital medicines and services, nude photos of cancer fighters were leaked, patients were beaten in their homes – and all sorts of other vile extortion attempts.

“There are a few threat actors that really have no rules of conduct in terms of the extent to which they try to coerce victims,” Carmakal noted, recalling ransomware incidents in which the criminals directly contacted executives, their family members, and Board members had welcomed them into their homes.

The criminals have evolved from a pure attack on a company, its customers and their data to a “more anti-people attack,” he added.

It changes the calculation when deciding whether to settle the extortion claim, Carmakal said. “It’s less about ‘Do I need to protect my customers?’ But more on the topic of ‘How do I better protect my employees and employees’ families?’ That’s a pretty scary change.”

Mandiant principal analyst John Hultquist described it as “the transformation of fraud” – as digital crime has evolved from something that was primarily a problem for banks and retail to one that affects all sectors of the economy.

“The people buying cybercrime threat intelligence were (previously) in the retail and financial sectors,” he explained. “A lot of people didn’t care.”

Cryptocurrency has changed that because it makes it easier to monetize digital crime, Hultquist added. “And that led to this progressive path from disruption to extortion. And then it continues to metastasize and get worse.”

Criminals now have a “very easy” way to accept payments from victims and are prepared to use “any number of options” to force organizations to pay the ransom demand, he said.

According to the Google Mandiant team, this is particularly important for hospitals, biotech firms and other healthcare companies, which are increasingly becoming targets for extortion because their IT departments store so much personal information and sensitive health records.

“And it can be an impossible choice,” added Sandra Joyce, head of global intelligence at Mandiant. “If you pay a ransom to an OFAC or sanctioned country, that is a violation. But if you don’t pay and there’s a business disruption or personal, private information (leaked), that’s your worst day.” Career having to deal with something like that.” ®