Sophos report reveals ransomware gangs’ increasingly invasive strategies to pressure companies into paying up
A recent report by Sophos has exposed a disturbing trend in which cybercriminals are weaponising stolen data to intensify pressure on businesses that refuse to pay ransoms. The report reveals that ransomware gangs are now targeting the families of chief executive officers (CEOs) and business owners, sharing their personal details or doxing them to coerce payment. Additionally, these criminals are threatening to report any illegal business activities uncovered in stolen data to authorities.
Sophos X-Ops uncovered dark web posts where ransomware groups labelled their targets as “irresponsible and negligent,” and even encouraged victims whose personal information was compromised to sue their employers. The report highlights how attackers, such as the WereWolves and Monti ransomware groups, are scouring stolen data for incriminating information that could be used as leverage. In one instance, Monti threatened to report an employee’s search for illicit material to the police if the ransom was not paid.
Christopher Budd, Director of Threat Research at Sophos, noted that these tactics are designed to amplify the pressure on business leaders by making them the focal point of blame. Some attackers have gone so far as to publish personal photos of business owners, complete with derogatory edits and sensitive information like social security numbers, to further humiliate and coerce them.
Budd emphasised that this escalating behaviour signals a shift towards more invasive and bold extortion methods. Ransomware gangs are no longer content with merely threatening to leak data-they are actively analysing it to maximise damage and create new opportunities for extortion. This puts organisations in a precarious position, as they now face the dual threats of corporate espionage and severe reputational damage alongside cyberattacks.