Ransomware Gangs Adding Pressure with ‘Swatting’ Attacks—Here’s What You Need to Know

Ransomware gangs are implementing new extortion tactics to encourage victims to pay up. Swatting is becoming an increasingly popular tactic. It involves calling law enforcement to falsely report a serious, in-progress crime, triggering an extreme response such as an armed raid from the SWAT team. Explore how cybercriminals are using this tactic and what you can do to prevent it from happening to you.

Ransomware continues to be a serious security problem across nearly all industries. In fact, a recent Sophos study found that 66% of respondents said their organizations had been hit by ransomware at least once in 2023. In an unexpected shift from previous years, that same study found the Education sector had experienced the highest level of attacks (as opposed to Healthcare, which has long been the worst-performing sector for cybersecurity). Unfortunately, things aren’t likely to improve anytime soon, as it is predicted that ransomware will only continue to be a widespread issue in 2024.

To make matters worse, the threat actors who employ ransomware are implementing new extortion tactics to encourage victims to pay up (complicating the FBI’s guidance on ransomware). Triple extortion, for example, occurs when attackers not only lock down the target system but also exfiltrate data and threaten to leak it online if the ransom is not paid. In truth, this scheme is just an extension of the double extortion tactic that’s been around for some time (in which attackers not only take the ransom payment but also sell the stolen data, regardless of whether they have been paid). 

One unexpected and emerging tactic in the cyber threat landscape is the use of swatting to force ransomware victims to pay. Luckily, UDT’s security experts have stayed up to speed on this tactic and we’re here to offer insight into what it is and what you can do to protect yourself and your organization.

 

What is Swatting? 

Simply put, swatting involves calling 911, local police, or other law enforcement to falsely report that a crime is in progress (often something violent in nature) at the target individual’s home or organization’s address. Law enforcement, not knowing the call is fake, will then respond with extreme measures that often involve SWAT teams (hence the term, “swatting”) or armed raids. The result is that the targeted person or organization suddenly finds their location swarming with armed police, and in some cases, the outcome can be fatal.

The concept of swatting is not new. In fact, anyone who has played online video games in the last 15 years or so is probably already aware of its existence. The FBI first coined the term back in 2008. The first official trial for swatting happened in 2009, when Matthew Weigman, a blind 19-year-old hacker, pleaded guilty to charges of computer intrusion and witness intimidation related to a 2005 swatting incident. Weigman was sentenced to 11 years in federal prison.

While this first case wasn’t related to online gaming, many of the cases that followed were. By 2010, swatting had become a popular revenge tactic for online gamers who were angry at other players for various events, arguments, and/or perceived slights that happened in the game. 

For example, in 2019, a 19-year-old gamer named Casey Viner was sentenced to 15 months in prison for his role in a swatting call that ended with police mistakenly killing a man in Kansas. Viner and two other defendants orchestrated the swatting call after an online argument with the victim, another gamer.  

Needless to say, swatting is extremely dangerous to victims, but also to communities that rely on law enforcement resources to respond to real in-progress crimes.

 

Why (and How) Are Ransomware Gangs Using Swatting? 

As already stated, swatting has been around for a long time. So, why are ransomware gangs starting to use it more frequently? Well, the reason comes down to the ultimate goal of ransomware—to get the victim to pay the ransom. Since it’s now become common practice to NOT pay ransomware demands, threat actors have found that swatting is a good method for putting added pressure on victims to comply.

You may be wondering how swatting can be used to do this. Well, the attackers don’t use this tactic against the target organizations themselves… they use it against those organizations’ customers.

Take, for example, a recent series of ransomware attacks against medical institutions. The threat actors involved were able to extract patient information, including home addresses, from the target organizations when they successfully infected their systems with ransomware. When an institution failed to comply with their demands, they began running swatting attacks at the addresses of their patients (which they acquired during the ransomware infiltration), calling in everything from bomb threats to domestic violence and other alarming or violent crimes that would cause an armed response. As law enforcement began responding to these fake calls, the ransomware gang then informed the target institutions that they had done this and would continue to do so until the ransom was paid. 

At the time of writing, no information is available to confirm whether this method resulted in any successful ransomware payments. But successful or not, the use of swatting definitely escalates and further exacerbates the dangers related to ransomware.

 

How to Protect Yourself and Your Organization from Swatting 

Protecting yourself and your organization from swatting may seem difficult. However, it really comes down to safeguarding your personal and organizational information. Our experts recommend taking the following actions: 

  • Use unique, strong passwords and don’t use the same password for multiple accounts. 
  • Update your passwords regularly (about every 3-6 months). 
  • Do not share your home address or other sensitive information on social media. 
  • Always use multi-factor authentication (MFA) on all apps and websites when available. 
  • Make use of biometric safeguards on your mobile devices when available. 
  • Always keep your computers and mobile devices locked when not in use. 


If you do fall victim to a swatting call, the best way to stay safe in the immediate moment is to comply with the orders of the responding law enforcement officers. Do not react violently or be confrontational. You’ve done nothing wrong, and the situation will be sorted out once the officers have cleared the scene to ensure it is safe.

 

Stay Vigilant 

As with most cybersecurity threats, your best defense is to be aware, informed, skeptical, and vigilant (not paranoid). Always think before you click. Don’t share too much about yourself online or on social media, and especially safeguard your home address. It’s also critical to be aware of any security gaps in your organization’s protections.  

Working with an expert partner can give you an edge in an increasingly sophisticated threat landscape. When you’re ready to discover how UDT’s cybersecurity experts can help, contact our team. Together, we’ll accomplish more. 


Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected.
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.
