Ransomware attackers increasingly target individuals with personal threats

Ransomware attackers are becoming more personal in their methods, targeting individuals and using psychological pressure. Professional negotiators from Sygnia have noted a shift from businesses to individuals, highlighting cases where attackers reference sensitive personal information. This tactic emphasizes how much data companies have on their employees. In 2023, global ransomware payouts surpassed $1 billion for the first time, showing a significant rise in cyber extortion. However, payments decreased by 35% in 2024 due to improved cybersecurity efforts and law enforcement actions. In response, attackers are adapting their methods to be stealthier and more aggressive. Many attacks focus on high-level executives or those in legal roles, leveraging personal data to create anxiety among victims. While most ransom demands are not paid—about 70%—threats can escalate quickly. Attackers may threaten to leak information, which makes them appear more effective in the cyber crime community. AI tools are now used by both attackers and victims in ransomware negotiations. Attackers create advanced malware and phishing schemes, while victims use tools like ChatGPT for help. However, negotiators argue that AI cannot understand human emotions, which can worsen negotiations. If attacked, negotiators try to remain calm and engage in conversation to gather information from the attackers. The U.K. government is considering a ban on ransomware payments for critical sectors to deter cyber criminals. This ban could protect public entities but may unintentionally hurt smaller businesses that lack resources for recovery. Some experts warn that while bans can be effective, they could drive some businesses to pay ransoms secretly to avoid fines. Negotiators advise that if governments impose bans, they should consider exemptions for critical sectors and provide support for organizations to strengthen their cybersecurity. This approach could help minimize the negative impact on businesses while addressing the growing ransomware threat.