Coercion in the Age of Ransomware: New Tactics for Extorting Payments

Serving numbers

• According to the report, there has been a 27% rise in publicly disclosed ransomware victims as compared to Q1 2022 and a 25% rise as compared to Q2 2022. 
• The manufacturing and technology sectors continue to be the most impacted by ransomware. However, the legal industry observed a 65% surge in publicly posted victims from Q4 2022 to Q1 2023, with 70% of these attacks being attributed to the most active "double-extortion" ransomware groups such as LockBit, AlphV, Royal, and BlackBasta.
•  In the education sector, there was a 17% rise in publicly disclosed victims during the same period, with Vice Society being responsible for 27% of all attacks in the education industry.
• U.S.-based organizations constituted the majority of ransomware victims, accounting for 46% (395 out of 851) of all observed victims, followed by the U.K (7.7%) and Germany (4.4%).

Coercion tactics

• At the beginning of 2023, the LockBit ransomware group released chat logs of a negotiation with one of its victims, Royal Mail, which the group claimed had failed. 
• Although this method is not entirely new, it is probably intended to deter aggressive negotiation tactics and bolster the effectiveness of shaming strategies employed by the ransomware operators.
• Other coercive measures adopted by ransomware groups include launching DDoS attacks and selectively leaking data to the public to garner media attention and harm the reputation of targeted organizations.

The bottom line