Ransomware Gangs Are Now Targeting Individuals


The ransomware landscape has evolved dramatically in recent years. In the earliest days, attackers targeted individual users’ home computers. Then, they switched to targeting large organizations. Now, individuals are back in the firing line. Let’s look at how.

The Birth of Double Extortion

When ransomware was still in its infancy, and attackers were a small subset of the criminal underworld, cybercriminals would target individuals’ home computers, encrypting their data and demanding a relatively small ransom for its safe return.

However, as attackers grew more sophisticated, they realized they could demand much higher ransoms by targeting organizations. Cybercriminals would infiltrate an organization’s network, encrypt valuable data, and demand a ransom for the decryption key. Individual users were largely left alone: the primary victim was the targeted organization, with secondary effects on users who might temporarily lose access to services. However, as cybersecurity defenses improved, attackers adapted, giving rise to a more insidious tactic: double extortion.

Double extortion involves not only encrypting an organization’s data but also stealing it and threatening to leak or sell it on the dark web. This method amplifies the pressure on organizations to pay the ransom, as failure to do so could lead to severe reputational damage and potential legal repercussions. The victims now extend beyond the targeted organization to include individual users whose personal information is at risk of exposure.

The consequences are dire, particularly when the stolen data includes sensitive personal information. For example, in March 2023, the ALPHV/BlackCat ransomware gang targeted a healthcare network, stealing and threatening to publish photographs of breast cancer patients. Some of these images were even posted on the dark web, highlighting the extreme emotional and psychological toll such attacks can inflict on victims.

Extorting Individuals: Sinking to New Lows

Ransomware gangs have recently begun exploiting double extortion by directly contacting individual users. This tactic not only pressures organizations but also instills fear and panic among those whose data might be compromised. For example, in 2021, Brian Krebs reported that the Cl0p ransomware gang emailed customers of RaceTrac Petroleum. The message read:

“Good day! If you received this letter, you are a customer, buyer, partner, or employee of RaceTrac. The company has been hacked, data stolen, and will soon be released as it refuses to protect its people’s data. We inform you that information about you will be published on the darknet [link to dark web victim shaming page] if the company does not contact us. Call or write to this store and ask to protect your privacy!!!!”

Such direct communication aims to coerce victims into pressuring the organization to comply with ransom demands, leveraging the fear of personal data exposure, which in this case included employee tax and financial records.

In some cases, ransomware attackers have taken this further by attempting to directly extort money from individual users. A harrowing example is the 2020 attack on Finland’s largest psychotherapy company, Vastaamo. After stealing therapy notes from numerous patients, the attacker, when unable to extort the organization, resorted to blackmailing 33,000 patients, threatening to publish their private therapy notes unless they paid a ransom. Tragically, this case has been linked to at least one suicide, underscoring the devastating impact such tactics can have on individuals.

Ransomware’s Dark Future

While authorities managed to apprehend the Vastaamo attacker, the success of his methods raises concerns about future trends. The psychological manipulation and moral degradation displayed by ransomware gangs highlight a dark future where individuals, not just organizations, are targeted as leverage in extortion schemes. Moreover, the ease with which sensitive information can be monetized on the dark web adds a financial incentive for these malicious actors to continue refining their techniques.

As cybersecurity professionals work to develop more robust defenses, awareness and proactive measures are essential for both organizations and individuals. The rise of ransomware attacks targeting personal data underscores the need for comprehensive cybersecurity strategies, including regular data backups, robust encryption, and public awareness campaigns about the risks and signs of phishing attacks. Additionally, individuals must exercise caution when sharing personal information online and be vigilant against phishing attempts that can serve as entry points for such attacks.

In conclusion, the evolution of ransomware from single-victim extortion to widespread digital blackmail and personal targeting signifies a dangerous shift in cybercrime. The digital age’s interconnectedness means that anyone can become a victim, and the stakes are higher than ever. A collaborative effort between governments, organizations, and individuals is crucial to combat this growing threat.

Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He’s written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
