Sopho has released a new dark web report titled “Turning the Screws: The Pressure Tactics of Ransomware Gangs.” The report uncovers how cybercriminals are escalating their tactics by weaponizing stolen data to coerce targets who refuse to pay ransoms. This includes doxing family members of targeted CEOs, threatening to expose illegal business activities, and encouraging litigation against employers.
Sophos X-Ops, the company’s threat intelligence unit, has identified dark web posts where ransomware gangs label their targets as “irresponsible and negligent.” Some posts even urge individual victims to sue their employers if their personal information was compromised. Christopher Budd, Director of Threat Research at Sophos, noted, “In December 2023, following the MGM casino breach, we observed ransomware gangs using media as a tool to increase pressure on victims and control the narrative. They are singling out business leaders, publishing their personal details, and encouraging employees to seek ‘compensation’ from their companies. This approach exacerbates the reputational damage and pressures businesses to pay ransoms.”
Sophos X-Ops found multiple posts from ransomware attackers detailing plans to leverage stolen data. One post from the WereWolves ransomware group mentioned using stolen data for criminal, commercial, and insider assessments. Another post by the Monti group threatened to expose an employee searching for illegal content unless the ransom was paid.
Ransomware gangs are increasingly targeting sensitive data, including mental health records, medical records of children, and personal information about patients. In one case, the Qiulong ransomware group posted the personal data of a CEO’s daughter and linked to her Instagram profile. Budd emphasized, “Ransomware gangs are becoming more invasive and bold. They’re not just threatening to leak data; they’re analyzing it to maximize damage and find new extortion opportunities. This compounds the challenges for organizations, which must now consider corporate espionage, trade secrets, and illegal employee activities alongside cyberattacks.”
Sophos is a global leader in next-generation cybersecurity, protecting millions of people and businesses in more than 150 countries from today’s most advanced threats. Sophos’ solutions are powered by threat intelligence, AI, and machine learning from SophosLabs and SophosAI, a team of data scientists and cybersecurity experts.