Extorting Ransomware Victims
Ransomware has become less about locking consumers out of devices and more about extorting them by threatening to release or leak their sensitive personal data, said Darren Shou, NortonLifeLock’s chief technology officer. Threat actors threaten to attack people’s identity and reputation by releasing emails, private conversations or sensitive selfies they’ve taken to friends, co-workers or their employer, he said.
Adversaries historically threatened to lock down files when carrying out ransomware attacks, but Shou said consumers have become increasingly capable of restoring those files using online backups. As privacy becomes more top of mind for consumers, extorting customers by threatening to publicly release or disseminate their personal information has become more effective, according to Shou.
The flow of payments the industry has seen around extortion and ransomware attacks is really a function of how much users value their reputation, Shou said. There has been a 35 percent increase in ransomware attacks from late 2020 to early 2021, while the share of illicit funds gotten by ransomware operators has grown by more than 300 percent on a year-over-year basis, according to Shou.