Ransomware gangs are prioritizing stealing data from workstations used by executives in the hopes of finding and using valuable information to use in the extortion process.
A new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to obtain « juicy » information that they can later use to pressure and extort a company’s top brass into approving large ransom payouts. ZDNet first learned of this new tactic earlier this week during a phone call with a company that paid a multi-million dollar ransom to the Clop ransomware gang. Similar calls with other Clop victims and email interviews with cybersecurity firms later confirmed that this wasn’t just a one-time fluke, but instead a technique that the Clop gang had fine-tuned across the past few months. The technique is an evolution of what we’ve been seen from ransomware gangs lately. For the past two years, ransomware gangs have evolved from targeting home consumers in random attacks to going after large corporations in very targeted intrusions. These groups breach corporate networks, steal sensitive files they can get their hands on, encrypt files, and then leave ransom notes on the trashed computers. In some cases, the ransom note informs companies that they have to pay a ransom demand to receive a decryption key. In case data was stolen, some ransom notes also inform victims that if they don’t pay the ransom fee, the stolen data will be published online on so-called « leak sites. » Ransomware groups hope that companies will be desperate to avoid having proprietary data or financial numbers posted online and accessible to competitors and would be more willing to pay a ransom demand instead of restoring from backups. In other cases, some ransomware gangs have told companies that the publishing of their data would also amount to a data breach, which would in many cases also incur a fine from authorities, as well as reputational damage, something that companies also want to avoid. However, ransomware gangs aren’t always able to get their hands on proprietary data or sensitive information in all the intrusions they carry out.
