What is Ransomware attack? Strategies used by Cybercriminals

Cybercriminals want to increase their sales, just like any other company in business. In ransomware, they have found a way to make victims pay. Cyber attackers have taken a page from legitimate business sales teams to guide their search. I have noticed similarities between ransomware criminal tactics and corporate sales operations. Ransomware attacks will not stop soon, so you must understand these similarities.

For years, cybercriminals have moved toward legitimate business models. Cybercrime-as-a-service operations allow unskilled criminals to outsource their botnets, phishing, and ransomware attacks to more specialized hackers. The criminal underground has become accustomed to help desks, invoices, and money-back guarantees. Ransomware is so popular that cyber gangs give it the white glove treatment. These are some of the ways ransomware hackers are mimicking traditional sales techniques.

Reconnaissance & Information Gathering

Determining your target audience is the first step to acquiring customers. Ransomware attackers use reconnaissance to locate victims they can force to pay a ransom. Cybercriminals conduct research to determine which companies and sectors are most likely to pay ransom to regain control of their data and services. To find the right personnel, they will use social media like Twitter and LinkedIn.

Initiating a Campaign

Cybercriminals must have a deep understanding of the target organization. They often start with the perfect pretext, much like sales campaigns. They will do surveillance of the network once the malware is distributed. They search for weaknesses to exploit and look for critical infrastructure and assets. It is essential to craft a phishing email with the right message. The recipient must click on a link or download the attachment. The average open rate for standard email marketing campaigns was 15%-25%, with a click-through rate of 2.5%. By comparison, 30% of phishing emails are opened.

Give a sample

Marketers will often offer a sample of their product or a trial to convert interested customers into buyers. Cybercriminals provide ransomware victims with a sample of stolen data to prove that they have infected the network. Cybercriminals often provide proof that the keys to unlock encrypted data work. Cybercriminals are known to keep their word and provide the data back so that they don’t damage their reputations. One study found that 58% of victims pay a ransom, and another found that criminals fail to decrypt data after receiving payment in only 1% of cases.


Although it is not common for merchants to lower their prices at customer request, it happens when the market is more fluid, or the sales pipeline is smaller. Ransomware cybercriminals expect that they can negotiate the price of data because they know it isn’t worth as much to others. The cybercriminal could release the data publicly if the victim doesn’t pay. The average ransomware price is $110,000. Criminals would rather lower the price than not be paid. This is a huge loss.

These are some tips to help organizations avoid ransomware attacks and minimize the damage they may sustain if they do.

Get down to business.

Organizations must try to prevent malware from entering their networks. According to Verizon, one in five breaches involve phishing. This is why it’s essential to train employees to recognize phishing emails and to use anti-phishing tools and other anti-malware tools. Keep up-to-date on operating system and application updates to stop attackers from getting in via vulnerable software. 60% of breaches involve unpatched.

Get Back To the Basics

Make frequent backups of your data, and keep them separate from any networks that might be affected by ransomware attacks. Backups must be retained in a location where hackers can’t access them. This could mean keeping them physically separated or air-gapped from any internet-connected network. Manual updates are required, but this is the best approach.

Tabletop Simulations

Businesses need to plan for business continuity to be prepared for a ransomware attack. This includes having all staff on the same page, from security and technical teams to finance, legal, and PR. The teams should practice their steps in case of an attack by going through various scenarios. These tabletop exercises should occur at least once a quarter. Teams must practice recovering data from backups and ensure they can get to the data when needed.

Cybercriminals have difficulty quantifying the Total Addressable Market for ransomware, but it is enormous. Any company could be a target. Ransomware is affecting critical industries such as education, healthcare, and government. However, every company has its threshold for business operations and data that they wouldn’t mind losing.
