An interesting analysis has revealed how hackers are using psychological techniques like fear, authority, urgency and humour to extort ransom from ransomware victims.
Hackers are using the 'ticking clock' method to extract ransom from over half of all ransomware victims, 75 percent of which are in Bitcoin.
In his report titled “Exploring the Psychological Mechanisms used in Ransomware Splash Screens”, noted cyber psychology expert Dr. Lee Hadlington has laid out the techniques most commonly used by hackers to extract ransom from ransomware victims.
Social engineering has often been termed as the latest and the most effective vector for ransomware attacks. Hackers use innovative techniques to fool employees at major corporations and get them to click on links or send payments by posing as vendors or clients. Their success is amplified by the lack of cyber-awareness and lack of cyber-security training among employees, especially among small and medium businesses.
Dr. Hadlington says that hackers are now using key social engineering techniques like fear, authority, urgency and humour to conduct successful ransomware attacks. In 57 percent of the samples that he analysed, he found that hackers used the 'ticking clock' technique to create urgency among victims. Most victims were given between 10 hours and 96 hours to pay ransom or face consequences.
“We know that psychology plays a significant part in cyber crime - what’s been most interesting from this study is uncovering the various ways that key social engineering techniques are used to intimidate or influence victims,” he says.
“With ransomware on the rise, it’s important that we improve our understanding of this aspect of the attack and how language, imagery and other aspects of the initial ransom demand are used to coerce victims,” he adds.
Besides urgency, hackers are also using the threat of consequences to increase their chances of success. Many ransomware victims are being threatened with consequences like deletion of important personal and company files, locking files on the internet or restricting the victim's access to important data.
Hackers are also making extensive use of official trademarks or emblems like badges of well-known government agencies to instill authority and credibility in the messages that they are sending out to victims. Very often, victims are led to believe that they owe money to the government and may face legal action if they do not meet the demands.
If the above is a 'stick' approach, hackers are also offering carrots to ransomware victims by using the 'customer service' approach. Dr. Hadlington says hackers are offering instructions to victims on how to buy Bitcoins (BTC) or presenting frequently asked questions (FAQs). Hackers also interact with victims through various means to 'help' the latter make ransomware payments.
Studies like this can help users understand the techniques employed by hackers so that they do not fall victim to similar tactics in the future. Social engineering is an effective tool to fool individuals and businesses but targeted cyber-security training can go a long way in helping them avoid such attacks.
“Although ransomware has leapt to the top of the public’s consciousness following recent attacks, what’s been less well documented is exactly how the criminals are manipulating their targets into paying up. This report sheds light on the most common tactics used, with the aim that, through awareness, we are better placed to advise individuals and businesses how not to be duped by these criminals’ claims,” said Tony Rowan, chief security consultant at security firm SentinelOne.