{"id":6589,"date":"2020-09-22T11:58:19","date_gmt":"2020-09-22T11:58:19","guid":{"rendered":"https:\/\/web3unplugged.io\/blog\/?p=6589"},"modified":"2020-09-22T11:58:22","modified_gmt":"2020-09-22T11:58:22","slug":"the-realities-of-ransomware-extortion-goes-social-in-2020","status":"publish","type":"post","link":"https:\/\/web3unplugged.io\/blog\/the-realities-of-ransomware-extortion-goes-social-in-2020\/","title":{"rendered":"The Realities Of Ransomware: Extortion Goes Social In 2020"},"content":{"rendered":"\n<p>The early days of ransomware were very much transactional. You received an unsolicited email, clicked on a link or opened an attachment, and your computer eventually ran the ransomware binary which encrypted all of your user-generated files. The process of recovery was fairly straightforward. You either recovered your files from backup (after doing a full re-image) or you sent Bitcoins to the criminals in exchange for the decryption key.<\/p>\n\n\n\n<p>In time, the criminals added the ability to communicate with them and things got a little more personal.<\/p>\n\n\n\n<p>These communications were mostly under the auspices of support. Not only could the criminals increase their reputation as \u2018trustworthy\u2019 merchants, but it also gave some individuals the ability to negotiate payment terms. In October 2019, the ransomware scene gave us a glimpse of things to come.<\/p>\n\n\n\n<p>A group calling themselves \u2018Shadow Kill Hackers\u2019 attacked the city of Johannesburg, claiming to have stolen data from the city\u2019s compromised systems. The difference here is that the attackers didn\u2019t encrypt any files. In this purely social attack, the criminals threatened to release financial and personal data of Johannesburg\u2019s citizens if payment (4 BTC) was not made by the deadline. The city rebuffed the ransom demand and the attackers were silent. 
It took less than one month for this new tactic to catch the attention of more serious ransomware gangs.<\/p>\n\n\n\n<p>The criminals behind Maze ransomware began incorporating this tactic of steal and share as additional extortion pressure in their ransomware operations. The first such incident occurred in November 2019 when the Maze crew released a portion of a victim\u2019s stolen data in a show of force and added social pressure for the company\u2019s lack of payment. Since then we\u2019ve seen the Maze operators continue this behaviour and other prominent ransomware gangs have joined them.<\/p>\n\n\n\n<p>Today it isn\u2019t uncommon to hear of a ransomware victim being extorted into paying a ransom under threat of data exposure. We\u2019ve seen some criminals use their total access to an organization\u2019s compromised systems to pit employees against their own executives and IT department by threatening to release stolen employee data if the company did not engage with the criminals and negotiate payment.<\/p>\n\n\n\n<p>While it\u2019s still too early to determine if this form of social pressure will be more profitable than more traditional methods, it has heralded a new era in ransomware where social pressure and shaming are being used to increase the attackers\u2019 bottom line.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The early days of ransomware were very much transactional. You received an unsolicited email, clicked on a link or opened an attachment, and your computer eventually ran the ransomware binary which encrypted all of your user-generated files. The process of recovery was fairly straightforward. 
You either recovered your files from backup (after doing a full [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6590,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-6589","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"rttpg_featured_image_url":{"full":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos.jpg",2376,1584,false],"landscape":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos.jpg",2376,1584,false],"portraits":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos.jpg",2376,1584,false],"thumbnail":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos-150x150.jpg",150,150,true],"medium":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos-300x200.jpg",300,200,true],"large":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos-1024x683.jpg",1024,683,true],"1536x1536":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos-1536x1024.jpg",1536,1024,true],"2048x2048":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos-2048x1365.jpg",2048,1365,true],"post-thumbnail":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Sophos.jpg",630,420,false],"graptor-sq-xs":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2020\/09\/John-Shier-senior-security-advisor-Soph
os.jpg",100,67,false]},"rttpg_author":{"display_name":"admin","author_link":"https:\/\/web3unplugged.io\/blog\/author\/admin\/"},"rttpg_comment":0,"rttpg_category":"<a href=\"https:\/\/web3unplugged.io\/blog\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","rttpg_excerpt":"The early days of ransomware were very much transactional. You received an unsolicited email, clicked on a link or opened an attachment, and your computer eventually ran the ransomware binary which encrypted all of your user-generated files. The process of recovery was fairly straightforward. You either recovered your files from backup (after doing a full&hellip;","_links":{"self":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/6589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/comments?post=6589"}],"version-history":[{"count":1,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/6589\/revisions"}],"predecessor-version":[{"id":6591,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/6589\/revisions\/6591"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/media\/6590"}],"wp:attachment":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/media?parent=6589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/categories?post=6589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/tags?post=6589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}