The psychology of a ransomware attack: A guide to what makes victims click

Cybercrime is very much a psychological game and ransomware is no exception. Psychology plays a major role in almost all aspects of ransomware from the moment an attack is launched until the moment the victim pays—or refuses to pay—the ransom.

Psychology of ransomware distribution
Most ransomware is distributed through phishing emails, instant messages, and text messages. Distributors use psychological tactics designed to create a sense of urgency and force the victim to click a malicious link or attachment quickly. This preys on a person’s emotions, especially fear. Victims are told they might lose access to an account; that an unauthorized payment has been made; or that medical benefits are about to change. These statements scare victims into clicking and, as a result, they get hit with a dose of ransomware.

Ransomware distributors also understand victim’s desires. They know that most people would love an easy path to money, recognition, or free merchandise and they create phony offers to capitalize on this tendency.

Psychology of ransomware demands
Ransomware demands rely primarily on the fear of losing data. Ransomware infections are often noticed when access to data is needed. Suddenly, rather than seeing the files, a ransom message is displayed. Fear is also used in ransom messages that display warnings of illegal or embarrassing behavior. Those accused of a crime from fake FBI warnings or messages regarding pornography viewing are loathe to seek help from others. Why? Because they fear that their activities would be put under a microscope and that friends, family or coworkers will less of them.

Ransomware also uses tactics that further build anxiety such as assigning deadlines to ransom payments. TruCrypt ransomware, for example, demands a ransom payment within 72 hours. After that, recovery keys would be unavailable.

Some have taken a completely different approach. CryptMix, released earlier this year, promised to donate ransoms to charity if victims paid their large demand of 5 bitcoins to decrypt data. When faced with a difficult decision, people want to know that they are doing the right thing and CryptMix allows victims to believe that they are helping someone in the process. Whether anyone actually believes that the authors will donate the ransom money to charity is beside the point because it is the desire to believe that really matters—and that’s the desire the ransomware authors count on.

Ransomware distributors know how to push our psychological buttons. That is why it is important to prepare yourself psychologically for a ransomware attack and for the phishing messages that are often used to distribute ransomware. Take the time to consider emails, instant messages, and SMS before clicking links or downloading software. Plan how you will respond if you have a ransomware infection. Verify that you have good backups and that you know how to perform a restore operation.

About The Author

Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.

Leave a Reply