Ransomware gangs are now going after top executives, they aim to get access to their laptops and workstations to steal data from them, in the hope that what they find will be more valuable and hopefully pressure the companies involved to pay a ransom.
This trend is relatively new and operates on the assumption that the workstations used by top people in a company have ‘juicier’ data. It is assumed that this kind of data would be more effective in pressuring a company into paying large amounts of ransom.
The tactic came to light earlier last week, when a company confirmed that it paid a multi-million-dollar ransom to the Clop ransomware gang.
Sly and effective tactics
Other Clop victims have said in phone calls and email interviews with cybersecurity companies, that this tactic was not a one-time fluke. It is a technique that the Clop gang has polished over the past few months.
The technique follows an evolving pattern that has been seen in ransomware gangs’ tactics lately.
Ransomware gangs started by attacking regular people on their PCs and evolved into attacking corporations, using surgical strikes. They breach corporate networks, steal data, encrypt what is left, and then leave ransom notes on the infected computers.
Applying pressure
In some cases, the ransom note tells the company that they have to pay a ransom to get the decryption key. There is usually no assurance that the gangs will give you the right decryption key or that it will decrypt anything at all.
Some of the notes tell the companies attacked that the data stolen would be published on leak sites for everyone to see. With potential shady dealings on the verge of exposure, it stands to reason that the companies would pay money to keep the information out of sight.