Delivering ransom notes to homes and fake extortion claims are part of a new suite of ransomware tactics.
Organisations across the Asia-Pacific and Japan region are improving their network defences, taking advantage of endpoint detection and response (EDR) platforms to cut off intrusions at the knees before ransomware and other malware can be deployed.
That news is, of course, welcome, but according to new research from Palo Alto Networks, ransomware operators and other cyber criminals are adapting to this evolution in hardened defences with more aggressive tactics of their own.
“We’re seeing a clear shift in how ransomware and extortion actors operate globally and across the Asia-Pacific and Japan region,” Philippa Cogswell – vice president and managing partner, Unit 42, Asia-Pacific and Japan, Palo Alto Networks – said in a statement following the release of the company’s Extortion and Ransomware Trends Report (Jan–Mar 2025).
“Attackers are shifting from traditional encryption tactics to more aggressive and manipulative methods, including false claims, insider access, and tools that disable security controls.”
Because of this increase, ransomware operators are shifting tactics, doing anything they can to secure a payday.
Many ransomware operators will claim they can be trusted because they need victims to believe that encrypted data will be restored and stolen data will be deleted, but plenty are resorting to lying and bullying to achieve their goals. They may use fake data in an extortion attempt or even send physical ransom notes to the homes of senior executives.
Additionally, with endpoint protection now more prevalent on target networks, hackers are turning to “EDR killers” to disable these systems entirely.
While traditional ransomware gangs have long relied upon extortion as their main tool of leverage, North Korean fake workers are now utilising the tactic to generate income for the rogue state. These workers, hiding behind AI-generated identities, steal proprietary data and demand payment to keep the data unpublished. In this case, not only are their wages going to DPRK coffers, but so are the ransom demands.
“These new and evolving tactics show just how critical it is for organisations to move beyond reactive defences and invest in security strategies that provide full visibility and rapid response across their environments,” Cogswell said.
You can read the full report here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.