There are five key behavioral tactics cyberattackers use to encourage their targets to pay ransomware demands, according to a report commissioned by the cybersecurity company SentinelOne.
For the report, Lee Hadlington PhD, senior lecturer of cyberpsychology at De Montfort University in London, analyzed the language, imagery and payment types displayed in 76 digital ransom notes. From the analysis, he determined how cybercriminals intimidate or influence victims into agreeing to ransomware demands.
"Although ransomware has leapt to the top of the public's consciousness following recent attacks, what's been less well documented is exactly how the criminals are manipulating their targets into paying up," said Tony Rowan, chief security consultant at SentinelOne.
Here are the five behavioral tactics attackers have used in ransomware demands.
1. Time criticality. The majority of digital ransom samples (57 percent) used a "ticking clock" to set a deadline for a ransom payment, which created a sense of urgency and encouraged targets to pay quickly.
2. Consequences. The most frequent consequence for failing to pay a ransom demand is permanently losing access to files. However, some cyberattackers have threatened to publish the target's encrypted files online.
3. Customer services. Just over half of digital ransom samples (51 percent) used a customer service approach, providing instructions on how to purchase bitcoin or presenting a list of frequently asked questions.
4. Imagery. The digital ransom notes used a range of visuals to instill either authority or fear. Some notes used official trademarks, like the FBI crest, while others used horror images from pop culture, such as depictions of the character "Jigsaw" from the Saw franchise.
5. Payment. The majority of ransom demands (75 percent) asked for payment in the form of bitcoin. Fifty-five percent of samples demanded the ransom in its initial note, while others detailed the amount of money at a later point in time.
Click here to view the full report.