WTF?! As awful as ransomware attacks are, perpetrators have found a way of making them even worse: psychologically attacking victims to make them hand over their money. One of these methods involves calling company executives from phone numbers belonging to their children.

Speaking at a Google Security Threat Intelligence Panel at this year’s RSA Conference in San Francisco (via The Reg), Charles Carmakal, CTO of Google-owned cybersecurity firm Mandiant, said, “We saw situations where threat actors essentially SIM swap the phones of children of executives, and start making phone calls to executives, from the phone numbers of their children.”

Carmakal noted the psychological dilemma of seeing an incoming phone call from your child only to answer and hear a stranger’s voice. “Sometimes, it’s caller ID spoofing. Other times, we see demonstrated SIM swapping family members,” he said.

Ransomware gangs have evolved over the years from deploying malware that encrypts files to also stealing them and threatening to publish sensitive data online if demands are not met. These types of operations made more than $1 billion in 2023, explaining why they remain so popular among criminals.

One of the worst parts about ransomware is the fact that many hackers use it to target healthcare facilities such as hospitals. These incidents can threaten the security of sensitive information, extend patients’ hospital stays, and even place people’s lives at risk, meaning targets are more likely to pay up.

According to technology research provider Omdia, the healthcare sector suffered 241 cyberattacks during the first nine months of 2023. That’s over 100 more than the government (147) and almost three times more than software, hardware, and IT services (91).

Law enforcement repeatedly tells victims of ransomware attacks to not pay any ransom money as there’s no guarantee the perpetrators will hand over the decryption key. Doing so also marks the organization as one that is willing to pay, encouraging others, or even the same criminals, to launch new attacks.

The SIM swapping/ID spoofing highlights how ransomware gangs are starting to focus more on people rather than faceless organizations in the hope they will feel pressured to hand over the crypto payments. “It’s less about ‘do I need to protect my customers?’ But more about ‘how do I better protect my employees and protect the families of employees?’ That’s a pretty scary shift,” said Carmakal. “There are a few threat actors that really have no rules of engagement in terms of how far [they] try to coerce victims.”

The good news is that ransomware operators face harsh prison sentences. A REvil hacker was recently sentenced to 13 years behind bars and ordered to pay a $16 million fine. There was also the case of a LockBit ransomware group member who got four years and was fined $635,000.