Tech

Ransomware Gang Turns to Revenge Porn

Glitch art

At least one ransomware gang has taken a rare and highly invasive step in order to convince its victims to pay: leaking nude images allegedly uncovered as part of their hack of a target company.

The news presents an escalation in the world of ransomware and digital extortion, and comes as the U.S. government and other countries discuss new measures to curb the spike in ransomware incidents. Ransomware groups have recently targeted, and in some cases extracted payment from, the Colonial Pipeline Company, meat producer JBS, and the Irish healthcare system. Locking down computers with ransomware can already have a substantial impact on business operations; leaking information on top of that can present victims with another risk. But posting nude images publicly on the internet threatens to make extortion of organizations a much more personal matter.

Videos by VICE

Motherboard is not naming the ransomware group responsible for leaking the images, so as to not contribute to their likely goal of intimidating the specific victim, or to bolster their reputation generally. As Motherboard has reported by speaking directly to digital extortionists, some hackers deliberately cater their own image to appear more threatening to victims. Motherboard is also not naming the targeted company nor any of the impacted individuals.

But there is still a public interest in showing that ransomware groups may continue to push their tactics to extremes, and what those steps may mean for policymakers, hacking victims, and law enforcement.

Do you know anything else about a ransomware incident? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The ransomware group regularly posts stolen documents and files from target companies on its dark web site. Generally, this may be done after a victim has not agreed to pay an initial ransom amount. Hackers then steadily leak material they’ve obtained, and threaten to keep doing so until the target pays.

In this case, the group seemingly added more material from the victim to their site, and eventually posted the nude images of a woman.

Typically the sort of material that ransomware groups leak include trade secrets, confidential business documents, and emails. In rare cases hackers have leveraged nude images for extortion. In 2017, the hacking group known as The Dark Overlord stole images from a plastic surgery in the UK and sent those to me. Many of the images were explicit in nature. At the time, the group only threatened to distribute the images further. The intent, it appears, was to try and convince the surgery clinic to pay an extortion amount.

In this new extortion case, the ransomware group has posted the images publicly.

Lawmakers have pushed President Biden to pressure Russia around its harbouring of ransomware groups. Biden said during the recent G-7 summit of world leaders that he was “open” to Putin’s alleged proposal about each country turning over cybercriminals.

“We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions,” a joint statement issued at the end of the summit reads.

Subscribe to our new cybersecurity podcast, CYBER.