Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s customers.
A somewhat unexpected mode of extortion appears to be popping up in attacks targeting medical institutions. According to Dark Reading, cybercriminals are making repeat prank calls to police about individuals that are patients impacted by a data breach of a medical facility they are a customer of.
By notifying the victim organization of the intent to “swat” their patients, the organizations will pay.
I’m not so convinced. But that doesn’t mean these threat actors won’t continue the tactic.
But this small evolution in extortion tactics does signal that ransomware gangs are realizing that organizations are aware of and are preparing themselves for the “traditional” tactics and their impacts. This is why ‘swatting’ makes sense; it’s out of left field, really.
It’s something the organization cannot truly prepare for, as these attacks could expose medical organizations to lawsuits, as victim patients will be able to demonstrate in court that they have been harmed by the repeat harassment and potential trauma of armed police visits.
This latest mode of extortion is a great example of why it’s critical to put the greatest emphasis on stopping an attack from ever happening – something new-school security awareness training helps to accomplish. No matter how prepared you are, the cybercriminal is going to think of something you haven’t.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.