Ransomware continues to be a serious security problem across nearly all industries. In fact, a recent Sophos study found that 66% of respondents said their organizations had been hit by ransomware at least once in 2023. In an unexpected shift from previous years, that same study found the Education sector had experienced the highest level of attacks (as opposed to Healthcare, which has long been the worst-performing sector for cybersecurity). Unfortunately, things aren’t likely to improve anytime soon, as it is predicted that ransomware will only continue to be a widespread issue in 2024.
To make matters worse, the threat actors who employ ransomware are implementing new extortion tactics to encourage victims to pay up (complicating the FBI’s guidance on ransomware). Triple extortion, for example, occurs when attackers not only lock down the target system but also exfiltrate data and threaten to leak it online if the ransom is not paid. In truth, this scheme is just an extension of the double extortion tactic that’s been around for some time (in which attackers not only take the ransom payment but also sell the stolen data, regardless of whether they have been paid).
One unexpected and emerging tactic in the cyber threat landscape is the use of swatting to force ransomware victims to pay. Luckily, UDT’s security experts have stayed up to speed on this tactic and we’re here to offer insight into what it is and what you can do to protect yourself and your organization.
What is Swatting?
Simply put, swatting involves calling 911, local police, or other law enforcement to falsely report that a crime is in progress (often something violent in nature) at the target individual’s home or organization’s address. Law enforcement, not knowing the call is fake, will then respond with extreme measures that often involve SWAT teams (hence the term, “swatting”) or armed raids. The result is that the targeted person or organization suddenly finds their location swarming with armed police, and in some cases, the outcome can be fatal.
The concept of swatting is not new. In fact, anyone who has played online video games in the last 15 years or so is probably already aware of its existence. The FBI first coined the term back in 2008. The first official trial for swatting happened in 2009, when Matthew Weigman, a blind 19-year-old hacker, pleaded guilty to charges of computer intrusion and witness intimidation related to a 2005 swatting incident. Weigman was sentenced to 11 years in federal prison.
While this first case wasn’t related to online gaming, many of the cases that followed were. By 2010, swatting had become a popular revenge tactic for online gamers who were angry at other players for various events, arguments, and/or perceived slights that happened in the game.
For example, in 2019, a 19-year-old gamer named Casey Viner was sentenced to 15 months in prison for his role in a swatting call that ended with police mistakenly killing a man in Kansas. Viner and two other defendants orchestrated the swatting call after an online argument with the victim, another gamer.
Needless to say, swatting is extremely dangerous to victims, but also to communities that rely on those same resources to respond to real in-progress crimes.
Why (and How) Are Ransomware Gangs Using Swatting?
As already stated, swatting has been around for a long time. So, why are ransomware gangs starting to use it more frequently? Well, the reason comes down to the ultimate goal of ransomware—to get the victim to pay the ransom. Since it’s now become common practice to NOT pay ransomware demands, threat actors have found that swatting is a good method for putting added pressure on victims to comply.
You may be wondering how swatting can be used to do this. Well, the attackers don’t use this tactic against the target organizations themselves; they use it against those organizations’ customers.
Take, for example, a recent series of ransomware attacks against medical institutions. The threat actors involved were able to extract patient information, including home addresses, from the target organizations when they successfully infected those organizations’ systems with ransomware. When an institution failed to comply with the attackers’ demands, the attackers began running swatting attacks at the addresses of its patients (which they had acquired during the ransomware infiltration), calling in everything from bomb threats to domestic violence and other alarming or violent crimes that would cause an armed response. As law enforcement began responding to these fake calls, the ransomware gang informed the target institutions that it had done this and would continue to do so until the ransom was paid.
At the time of writing, no information is available to confirm whether this method resulted in any successful ransomware payments. But successful or not, the use of swatting definitely escalates and further exacerbates the dangers related to ransomware.
How to Protect Yourself and Your Organization from Swatting
Protecting yourself and your organization from swatting may seem difficult. However, it really comes down to safeguarding your personal and organizational information. Our experts recommend taking the following actions:
- Use unique, strong passwords and don’t use the same password for multiple accounts.
- Update your passwords regularly (about every 3-6 months).
- Do not share your home address or other sensitive information on social media.
- Always use multi-factor authentication (MFA) on all apps and websites when available.
- Make use of biometric safeguards on your mobile devices when available.
- Always keep your computers and mobile devices locked when not in use.
If you do fall victim to a swatting call, the best way to stay safe in the immediate moment is to comply with the orders of the responding law enforcement officers. Do not react violently or be confrontational. You’ve done nothing wrong, and the situation will be sorted out once the officers have cleared the scene to ensure it is safe.
Stay Vigilant
As with most cybersecurity threats, your best defense is to be aware, informed, skeptical, and vigilant (not paranoid). Always think before you click. Don’t share too much about yourself online or on social media, and especially safeguard your home address. It’s also critical to be aware of any security gaps in your organization’s protections.
Working with an expert partner can give you an edge in an increasingly sophisticated threat landscape. When you’re ready to discover how UDT’s cybersecurity experts can help, contact our team. Together, we’ll accomplish more.