Ransomware groups are increasingly weaponizing stolen data to pressure their targets into paying ransoms, according to recent research by cybersecurity firm Sophos. The findings reveal that cybercriminals are no longer content with merely threatening to leak sensitive information but are now actively using it to manipulate their victims and shape the public narrative.
Sophos’ analysis, sparked by the December 2023 breach of MGM casinos, highlights how these groups are turning media outlets into tools to intensify pressure on their victims.
Christopher Budd, director of threat research at Sophos, explained that ransomware gangs are using the threat of exposure to shift blame onto their targets.
“They label them as ‘irresponsible and negligent,’ even encouraging individuals whose personal information was compromised to sue their employers,” Budd said.
The report from Sophos X-Ops presents disturbing examples from the dark web. One post showed a defaced image of a business owner alongside their social security number, with gang members urging employees to seek compensation from their company. In some cases, the attackers threatened to inform stakeholders about the breach, further increasing pressure on the business to pay the ransom.
Search history
Sophos researchers also observed ransomware attackers meticulously analyzing stolen data for leverage. The WereWolves ransomware group described a process involving “a criminal legal assessment, a commercial assessment, and an assessment in terms of insider information for competitors.” Another group, Monti, threatened to expose an employee’s search history related to child sexual abuse material if the company didn’t comply with their demands.
This tactic of extracting sensitive information extends beyond corporate secrets to personal and highly sensitive data. Ransomware gangs have threatened to release mental health records, children’s medical information, and even “images of nude patients.” In one case, the Qiulong group posted the personal data of a CEO’s daughter, linking to her social media profile.
“Ransomware gangs are becoming increasingly invasive and bold about how and what they weaponize,” said Budd.
He emphasized that these criminals are not just stealing data but actively analyzing it to maximize damage and find new avenues for extortion.
The research underscores the need for organizations to consider the broader implications of data breaches. Companies now face the dual threat of cyberattacks and the potential exposure of damaging information, which could lead to reputational harm, legal battles, and increased pressure from stakeholders.