The self-proclaimed malefactors instructed webmasters to pay $2,000 within five days to prevent these materials from being leaked. It turned out, though, that these were empty threats as the fraudsters did not actually have access to the sites. However, the impostors' Bitcoin wallets did get a couple of incoming payments while this hoax was in full swing.
DDoS as an extortion element
Perpetrators may threaten to knock an enterprise network offline with a distributed denial-of-service attack unless the victim coughs up a ransom. Known as Ransom DDoS (or RDoS), this assault vector saw a major spike in August 2020. Attackers purporting to be from notorious Advanced Persistent Threat (APT) groups Fancy Bear and Armada Collective started sending such ransom notes to a plethora of companies from the retail, e-commerce, travel, and banking sectors.
The recipients were told to pay 10 bitcoins to avoid a disruption of their digital infrastructures through massive traffic floods. The good news is most victims did not encounter any DDoS issues after rejecting this demand. Some organizations did face small-scale attacks, though.
One way or another, RDoS is a serious menace and sometimes criminals carry through with their threats. In October 2020, the operators of a ransomware strain called SunCrypt brought down a victim's website via a powerful DDoS onslaught after the company refused to pay for data decryption. This move reportedly coerced the target to succumb to the original demands.
Facebook ads used to pressure victims
In early November 2020, criminals at the helm of the Ragnar Locker ransomware operation started abusing compromised Facebook accounts to put an extra psychological burden upon their stubborn victims. In one such episode, the felons took over the account owned by Chris Hodson, a DJ from Chicago, and launched a fraudulent ad campaign on behalf of the user.
The ad contained information relating to a security breach of the Italian company Campari Group. Ragnar Locker operators claimed to have stolen roughly 2 TB worth of the target's data before encrypting these records. To regain access to its proprietary files, Campari Group was instructed to pay a whopping $15 million in cryptocurrency.
The ad campaign through the hacked Facebook account had generated more than 7,000 views before the social network's algorithms identified it as a fraud. It emphasized that the extortionists had a huge amount of the victim's data and would start spilling it if no payment were made. By and large, this is an entirely new way of adding publicity to ransomware incidents in an attempt to extort money from businesses more efficiently.
Printers spewing out ransom notes
A hugely exotic extortion trick was spotted in mid-November 2020. The operators of the Egregor ransomware, who had orchestrated a successful attack against the Chile-based retail giant Cencosud, somehow managed to make the receipt printers in its stores generate text containing a ransom alert along with data decryption demands.
Ransomware authors know that most businesses try to keep such incidents secret. With that in mind, they often sucker-punch noncompliant victims by letting employees, customers, and partners know about the breach. Such information can impact a company's reputation and entail serious financial losses.