Ransomware Gangs Adding Pressure with ‘Swatting’ Attacks—Here’s What You Need to Know

Ransomware gangs are implementing new extortion tactics to encourage victims to pay up. Swatting is becoming an increasingly popular tactic. It involves calling law enforcement to falsely report a serious, in-progress crime triggering an extreme response such as an armed raid from the SWAT team. Explore how cybercriminals are using this tactic and what you can do to prevent it from happening to you.​

Ransomware continues to be a serious security problem across nearly all industries. In fact, a recent Sophos study poll found that 66% of respondents said their organizations had been hit by ransomware at least once in 2023. In an unexpected shift from previous years, that same study found the Education sector had experienced the highest level of attacks (as opposed to Healthcare, which has long been the worst-performing sector for cybersecurity). Unfortunately, things aren’t likely to improve anytime soon, as it is predicted that ransomware will only continue to be a widespread issue in 2024. 

To make matters worse, the threat actors who employ ransomware are implementing new extortion tactics to encourage victims to pay up (complicating the FBI’s guidance on ransomware). Triple extortion, for example, occurs when attackers not only lock down the target system but also exfiltrate data and threaten to leak it online if the ransom is not paid. In truth, this scheme is just an extension of the double extortion tactic that’s been around for some time (in which attackers not only take the ransom payment but also sell the stolen data, regardless of whether they have been paid). 

One unexpected and emerging tactic in the cyber threat landscape is the use of swatting to force ransomware victims to pay. Luckily, UDT’s security experts have stayed up to speed on this tactic and we’re here to offer insight into what it is and what you can do to protect yourself and your organization.

 

What is Swatting? 

Simply put, swatting involves calling 911, local police, or other law enforcement to falsely report a crime is in progress (often something violent in nature) at the target individual’s home or organization’s address. Law enforcement, not knowing the call is fake, will then respond with extreme measures that often involve SWAT teams (hence the term, “swatting”) or armed raids. The result is that the target persons or organizations suddenly finds their location swarming with armed police, and in some cases, the outcome can be fatal. 

The concept of swatting is not new. In fact, anyone who has played online video games in the last 15 years or so is probably already aware of its existence. The FBI first coined the term back in 2008. The first official trial for swatting happened in 2009, when Matthew Wegman, a blind 19-year-old hacker, pleaded guilty to charges of computer intrusion and witness intimidation related to a 2005 swatting incident. Wegman was sentenced to 11 years in federal prison. 

While this first case wasn’t related to online gaming, many of the cases that followed were. By 2010, swatting had become a popular revenge tactic for online gamers who were angry at other players for various events, arguments, and/or perceived slights that happened in the game. 

For example, in 2019, a 19-year-old gamer named Casey Viner was sentenced to 15 months in prison for his role in a swatting call that ended with police mistakenly killing a man in Kansas. Viner and two other defendants orchestrated the swatting call after an online argument with the victim, another gamer.  

Needless to say, swatting is extremely dangerous to victims, but also to communities who rely on resources to respond to real in-progress crimes. 

 

Why (and How) Are Ransomware Gangs Using Swatting? 

As already stated, swatting has been around for a long time. So, why are ransomware gangs starting to use it more frequently? Well, the reason comes down to the ultimate goal of ransomware—to get the victim to pay the ransom. Since it’s now become common practice to NOT pay ransomware demands, threat actors have found that swatting is a good method for putting added pressure to comply. 

You may be wondering how swatting can be used to do this. Well, they don’t use this tactic against the target organizations… they use it against their customers.  

Take, for example, a recent series of ransomware attacks against medical institutions. The threat actors involved were able to extract patient information, including home addresses, from the target organizations when they successfully infected their systems with ransomware. When an institution failed to comply with their demands, they began running swatting attacks at the addresses of their patients (which they acquired during the ransomware infiltration), calling in everything from bomb threats to domestic violence and other alarming or violent crimes that would cause an armed response. As law enforcement began responding to these fake calls, the ransomware gang then informed the target institutions that they had done this and would continue to do so until the ransom was paid. 

At the time of writing, no information is available to confirm whether this method resulted in any successful ransomware payments. But successful or not, the use of swatting definitely escalates and further exacerbates the dangers related to ransomware.

 

How to Protect Yourself and Your Organization from Swatting 

Protecting yourself and your organization from swatting may seem difficult. However, it really comes down to safeguarding your personal and organizational information. Our experts recommend taking the following actions: 

  • Use unique, strong passwords and don’t use the same password for multiple accounts. 
  • Update your passwords regularly (about every 3-6 months). 
  • Do not share your home address or other sensitive information on social media. 
  • Always use multi-factor authentication (MFA) on all apps and websites when available. 
  • Make use of biometric safeguards on your mobile devices when available. 
  • Always keep your computers and mobile devices locked when not in use. 


If you do fall victim to a swatting call, the best way to stay safe in the immediate moment is to comply with the orders of the responding law enforcement officers. Do not react violently or be confrontational. You’ve done nothing wrong, and the situation will be sorted out once the officers have cleared the scene to ensure it is safe.

 

Stay Vigilant 

As with most cybersecurity threats, your best defense is to be aware, informed, skeptical, and vigilant (not paranoid). Always think before you click. Don’t share too much about yourself online or on social media, and especially safeguard your home address. It’s also critical to be aware of any security gaps in your organization’s protections.  

Working with an expert partner can give you an edge in an increasingly sophisticated threat landscape. When you’re ready to discover how UDT’s cybersecurity experts can help, contact our team. Together, we’ll accomplish more. 

Take The Quiz—What’s Your Security Risk Level?

New to cybersecurity or trying to improve your security posture? Take our brief quiz to understand how your organization might score when it comes to risk—and what to do about it. 

Accomplish More With UDT

Get your custom solution in cybersecurity, lifecycle management, digital transformation and managed IT services. Connect with our team today.

More to explore

Henry Fleches on AI’s role in business and UDT’s link to Intel

UDT’s Henry Fleches discusses AI’s transformative role in business. Learn how AI shapes operations and drives innovation for a competitive advantage.

Reasons to Spend Your Year-End Budget on a Smart School Technology Refresh

Discover how smart schools technology can transform your district. Invest your year-end budget in digital learning and safety for a successful new school year.

Technology and workplace culture: An evolving partnership — Table of Experts

Discover how South Florida’s best workplaces leverage technology for culture and efficiency. Learn from experts at the forefront of innovation, including our Chief Technology Officer, Fernando Mejia.

Professional Development for 1:1 Device Initiatives in School Districts

Explore how professional development technology training for teachers can enhance K12 education. Discover the impact of 1:1 device initiatives on teaching and learning.

How To Defend Against Business Email Compromise

Business Email Compromise (BEC) attacks are causing businesses to lose 48 times more money than ransomware. Learn how to defend against these pervasive cyberthreats.

How To Prioritize Cloud Security Best Practices at Your Organization

Remember these key principles as you implement cloud security best practices at your organization for a safe and secure cloud infrastructure with minimum security issues. Whether you’re using Microsoft Azure or Amazon Web Services (AWS), cloud data security must always be a priority.

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,