Thursday, April 3, 2025

Ransomware groups intensify pressure on unwilling payers – Sophos Intelligence

According to Sophos’ latest dark web report, cybercriminals are using stolen data as leverage to increase pressure on targets who refuse to pay. These pressure tactics include disclosing contact details, publishing information about family members of CEOs and business owners, or threatening to report illegal business activities discovered in stolen data to the authorities. The Sophos X-Ops report also reveals that ransomware gangs label their targets as “irresponsible and reckless” and urge individual victims whose personal information has been stolen to file a lawsuit against their employer.

In December 2023, following the MGM Online Casino breach, Sophos observed a trend among ransomware groups that seek to weaponize the vulnerability as one of their tools. Through this modus operandi, cybercriminals can not only intensify the pressure on their victims but also seize control of the narrative and deflect blame. Furthermore, security specialists observe that gangs are targeting the leadership of companies they hold responsible for the ransomware attack. In one published post, the attackers released a photo of an entrepreneur with devil horns, alongside his social security number, sparking outrage and concern for the individual’s privacy and safety. In a subsequent posting, the attackers demanded that employees request “compensation” from their company and, in other cases, threatened to notify customers, partners, and competitors about data breaches. According to Christopher Budd, Director of Risk Analysis at Sophos, this approach creates a kind of lightning rod for blame, increases pressure on companies to pay ransom demands, and may worsen the reputational damage resulting from an attack on the company.

Sophos X-Ops has also uncovered several ransomware attackers’ posts detailing their plans to search for sensitive information in stolen data to use as leverage against companies that refuse to pay. In one posting, the ransomware actor WereWolves explicitly notes that all stolen data will be subjected to “a criminal, a commercial, and an evaluation in terms of insider information for competitors”. In another instance, the ransomware group Monti discovered that an employee of a target company was searching for materials on child sexual abuse and threatened to report the information to the police unless the company paid the ransom.

Cybercriminals are increasingly resorting to exploiting sensitive company data on employees, customers, or patients, for instance psychiatric records, medical information of children, patient data on sexual issues, or nude images of patients. When the Qiulong ransomware group perpetrated a ransomware attack, they posted personal data of the CEO’s daughter along with a hyperlink to her Instagram profile.

Ransomware gangs are increasingly brazen and invasive in their tactics, employing ever-more sophisticated and destructive methods to wreak havoc. To increase pressure on companies, they don’t just steal data and threaten to release it. They thoroughly scrutinize the data and information to maximize damage and generate novel opportunities for extortion. That means companies must worry not only about corporate espionage, the loss of business secrets or illegal activities by employees but also about similar problems in the context of cyberattacks, says Budd.

Read the full report on Sophos.com.
