Analysis of the psychology behind digital ransom notes sheds light on the range of social engineering tactics used by cyber-attackers.
Key social engineering techniques – fear, authority, scarcity (or urgency) and humour – are among the drives exploited by cyber-criminals in ransomware attacks, according to a report examining ransomware ‘splash screens’, the initial warning screens of ransomware attacks.

SentinelOne has commissioned the report, “Exploring the Psychological Mechanisms used in Ransomware Splash Screens,” by Dr. Lee Hadlington PhD, senior lecturer of cyber-psychology at De Montfort University. It reveals how social engineering tactics are used by cyber-criminals to manipulate and elicit payments from individuals. Analysis of the language, visuals and payment types from 76 splash screens highlights the following common trends:

The report also examines the differing levels of sophistication on the part of the attackers and comes in the wake of recent global ransomware attacks which have struck both public sector and private organisations, causing massive disruption and costing businesses millions in lost revenue.

“We know that psychology plays a significant part in cyber-crime — what’s been most interesting from this study is uncovering the various ways that key social engineering techniques are used to intimidate or influence victims,” said Hadlington. “With ransomware on the rise, it’s important that we improve our understanding of this aspect of the attack and how language, imagery and other aspects of the initial ransom demand are used to coerce victims.”

“Although ransomware has leapt to the top of the public’s consciousness following recent attacks, what’s been less well documented is exactly how the criminals are manipulating their targets into paying up,” said Tony Rowan, chief security consultant at SentinelOne. “This report sheds light on the most common tactics used, with the aim that, through awareness, we are better placed to advise individuals and businesses how not to be duped by these criminals’ claims.”