Cybercrime is very much a psychological game and ransomware is no exception.
Psychology plays a major role in nearly all aspects of ransomware, from the instant an attack is launched to the moment the victim pays, or sometimes refuses to pay, the ransom.
The Psychology of Ransomware Distribution
Ransomware is mainly distributed through instant messages, phishing emails, and text messages.
Ransomware distributors use psychological tactics intended to create a sense of urgency, pressuring the victim to click a malicious attachment or link.
This preys on a person’s natural emotions, specifically fear.
Victims are told, for example, that they may lose access to an account or that an unauthorized payment has been made.
These statements purposefully scare victims into clicking and getting hit with a dose of ransomware.
Ransomware distributors also understand victims’ base desires. They know full well that most folks would love an easy path to fame, money, or free merch, and they create phony offers to capitalize on this tendency of human nature.
The Psychology of Ransomware Demands
Ransomware demands rely mainly on the fear of losing precious data.
Ransomware infections are often noticed when access to data is required. Instead of the files in question, the victim sees a ransom message. Fear is also used liberally in ransom messages that display warnings of illegal or even embarrassing behaviors.
Those accused of a crime by fake FBI warnings or by messages about watching porn are quick to seek help from others.
Why, you ask? Because they fear that their activities would be put under a microscope and that family, friends, or coworkers will potentially think less of them.
Ransomware also uses clever tactics that further breed anxiety, such as assigning specific deadlines to the ransom payments. TruCrypt ransomware, for example, demands a ransom payment within three days. After that, they say, the recovery keys would no longer be available.
Some have taken a different approach. CryptMix, a ransomware released earlier this year, promised to donate ransoms to charity if victims paid its hefty demand of five bitcoins to decrypt data. When faced with a tough decision, people want to know that they are doing the right thing, and CryptMix cynically allows victims to believe – falsely – that they are assisting someone in the process.
Ransomware distributors know how to push our collective psychological buttons.
That’s why it is important to prepare yourself psychologically for a ransomware attack as well as for the phishing messages that are typically used to distribute said ransomware. Take the time to read and consider instant messages, emails, and SMS text messages fully before downloading software or clicking links.