In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team.

And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.

Although the technique of prioritising the theft of data from managers’ PCs is not a new one, it has been highlighted by a report from ZDNet over the weekend.

In his report, ZDNet journalist Catalin Cimpanu describes a conversation he had last week with a company that paid millions of dollars following an attack by the Clop ransomware.

“…in recent intrusions, a group that has often used the Clop ransomware strain has been specifically searching for workstations inside a breached company that are used by its top managers.” “The group sifts through a manager’s files and emails, and exfiltrates data that they think might be useful in threatening, embarrassing, or putting pressure on a company’s management — the same people who’d most likely be in charge of approving their ransom demand days later.”

As regular readers know, in recent years ransomware gangs have not just increasingly targeted large organisations in their attacks in preference to thousands of home users. They have also valued highly the prize of exfiltrating sensitive data such as business plans, financial details, and intellectual property that corporate victims would dread falling into the public domain or their commercial rivals.

And where better to find such commercially sensitive information than on the workstation of a chief executive, chief financial officer, or communications director.

clop ransomware

According to Lawrence Abrams of Bleeping Computer, the technique (Read more...)