Sophos, has released a new dark web report titled “Turning the Screws: The Pressure Tactics of Ransomware Gangs.” The report reveals how cybercriminals are using stolen data to increase pressure on victims who refuse to pay ransoms. Tactics include doxing family members of CEOs, threatening to expose illegal business activities, and urging victims to sue their employers.
Sophos X-Ops discovered dark web posts where ransomware gangs label their targets as “irresponsible and negligent.” Some posts encourage individual victims to pursue legal action against their employers. Following the December 2023 MGM casino breach, Sophos noted an increase in ransomware gangs using media to manipulate narratives and shift blame onto business leaders. For instance, attackers have published photos of business owners with devil horns and shared their social security numbers, urging employees to seek compensation and threatening to notify stakeholders about breaches.
The report also highlights how ransomware groups, like WereWolves and Monti, plan to use sensitive stolen data as leverage. This includes criminal, commercial, and insider information assessments, and even threats to report criminal activities, such as an employee’s search for child sexual abuse material.
These findings reflect a growing trend of criminals using highly sensitive data to extort companies, including employee, client, and patient information. Examples include mental health records, medical records of children, and personal data of CEOs’ family members. The Qiulong ransomware group, for instance, posted personal data and a link to the Instagram profile of a CEO’s daughter.
“Ransomware gangs are becoming increasingly invasive and bold,” said Christopher Budd, director of threat research at Sophos. “They’re not just threatening to leak data but analyzing it for maximum damage and new extortion opportunities. This adds to companies’ concerns about corporate espionage, loss of trade secrets, and illegal activities by employees.”
Read the full report “Turning the Screws: The Pressure Tactics of Ransomware Gangs” on Sophos.com.