What do the ransomware attackers do?

The tactic used by cybercriminals these days is to hire ransomware hackers who not only steal sensitive data from you but such criminals will try a range of strategies to further convince the victim to pay the ransom.

Previously, ransomware attackers would break into an organization’s system and encrypt critical data. Without a consistent or latest backup, that organization would have been left with few options other than paying the attackers to get the data decrypted.

However, with time the organizations have become more thorough about backing up the data. As a result, cybercriminals have revolved to extra destructive and forceful tricks for the ransom to be paid.

Here is what the ransomware attacker do to pressurize the organization to pay Ransom

Advertisement
1. Public release of data. One common tactic employed by attackers is the double-extortion ploy. In this case, the criminal promises to publish or even auction the data online unless the ransom is paid. Even if the victim has consistent backups, they may feel pressure to pay the ransom rather than risk embarrassment and possible legal consequences if the data is leaked.
2. Direct contacting employees. To further pressure an organization, attackers will contact senior executives and other employees to warn them that their own personal data will be leaked if the ransom isn’t paid.
3. Contacting partners, customers, and the media. In other cases, the attackers will reach out to business partners, customers, and even the media and tell them to urge the affected organization to pay.
4. No contact with law enforcement. Organizations contact law enforcement officials or other parties to pursue their help in solving the occurrence. This move might help the victim recover their data without paying the ransom, many attackers will caution their victims to keep silent fearing the outcomes.
5. Recruiting insiders. The tactic used by the criminals is to convince employees or insiders to help them break into an organization to carry out a ransomware attack. In return, the insiders are promised a share of the ransom payment.
6. Changing passwords. The attackers usually set up a new domain admin account with the change of passwords for all other admin accounts. This prevents the administrators from logging into the network to resolve the problem or reinstate the encrypted files from backups.
Advertisement
7. Induction of phishing campaigns. The attackers sent phishing emails to employees to run malware that provide full access to their emails. The attackers then used accounts to contact the IT, legal, and security teams to warn of more attacks if the ransom wasn’t paid.
8. Deleting sensitive data backups. The attackers delete backups or uninstall the backup software. The criminals used a compromised admin account to contact the host of the victim’s online backups and told them to delete the offsite backups.
9. Hard copies of the ransom note. Some criminals send the hard copies to the victim’s offices and employees of the ransom note are sent to connected printers and point of sale terminals.
10. Dispersed Denial-of-Service attacks. Numerous ransomware criminals have turned to DDoS attacks to try to persuade persistent victims to pay the ransom.