The illusion of good intentions

Issue 7 2023 Security Services & Risk Management

“Interacting with ransomware criminals should be exclusively handled by experts with proper training,” warns the well-known cybersecurity strategist Jon DiMaggio. DiMaggio issued this important cautionary advice while analysing the psychology of cyber criminals and the behaviours displayed by the founder of LockBit, a type of ransomware that encrypts data on target systems, making it inaccessible to the system and network resources.

Anna Collard.

Although this individual may come across as respectful and engaging, DiMaggio discovered that he exhibited narcissistic, sexist, and racist traits when communicating with others. “Numerous cybercriminals do not perceive themselves as being inherently malicious individuals,” notes Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA.

“It is called the neutralisation effect,” she explains. “What cybercriminals do, particularly with ransomware, is they neutralise perceptions of what they are doing by using business terminology. They refer to the companies they hack not as victims, but as customers. They pretend that what they are doing is good, claiming to help companies become more secure and offer a service.”

This is partly true. Cybercriminals sometimes offer advice to organisations on how to secure their environments and avoid future ransomware attacks. Some advertise the charities they support; others claim that a percentage of the funds received is donated for charitable purposes. However, these actions are merely tactics used by cybercriminals to justify their illegal activities. According to Collard, the Bonaci Group is an example of such behaviour. A cyber defence whitepaper examines their actions, revealing how they use business language and present themselves as benevolent, while “ignoring basic realities like law, mutual agreement, and the negative impact on society.”

“Another tactic they use is referred to as the ‘disinhibition factor’,” says Collard. “This factor highlights the lack of empathy people feel towards victims who are physically distant. This principle also applies to internet trolls and other negative individuals in the online realm, as they are detached from the direct consequences of their actions.”

This aligns with research that used the Elemental Psychopathy Assessment, which is based on the big five personality traits, to assess how psychopathy is associated with cyber offences. It revealed that individuals inclined towards cybercrime exhibited traits such as antagonism, narcissism, and disinhibition.

“The last really interesting trait is how arrogant the leaders of the cybercriminal groups can be,” says Collard. “In 2022, a researcher obtained access to the internal chats of a Ransomware-as-a-Service group called Yanluowang. It revealed a lot of insights about how these groups function and the individuals who control them. Notably, the LockBit group leader, recognised as one of the largest and most active groups, has given multiple interviews.”

Experts are finding that cybercriminals are arrogant, believing themselves to be superior and more knowledgeable than others. They are not afraid of law enforcement and think they cannot be caught. They also display narcissistic tendencies. The leader of LockBit, for instance, has openly expressed his lack of fear towards the government on multiple occasions. In fact, he has even initiated a LockBit tattoo campaign and a writing competition, demonstrating his bold and audacious behaviour.

“Mikhail Pavlovich Matveev, also known as Wazawaka, posted a picture of himself wearing snakeskin pants in a defiant gesture after the FBI offered a $10 million reward for information leading to his arrest,” says Collard. “There is the arrogance, the know-better-than-you attitude. Yet, when Jon DiMaggio engaged with the LockBit founder, it had little impact. These criminals are in it for the money. They may use these tactics to neutralise perceptions of their actions and portray themselves as virtuous, but ultimately, they are criminals.”

This is perhaps the strongest warning; the leaders of these groups are smart, arrogant and perfectly capable of bribing, scaring and intimidating people into doing what they want. If your business is hacked, do not engage – get a professional to step in and handle the negotiations, or things could very easily get worse.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Proactive strategies against payment fraud
Financial (Industry) Security Services & Risk Management
Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.

How to prevent and survive fires
Fire & Safety Security Services & Risk Management
Since its launch in August 2023, Fidelity SecureFire, a division of the Fidelity Services Group, has been making significant strides in revolutionising fire response services in South Africa.

A long career in mining security
Technews Publishing Editor's Choice Security Services & Risk Management Mining (Industry)
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Risk management: There's an app for that
Editor's Choice News & Events Security Services & Risk Management
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Integrated information platform for risk management
Editor's Choice News & Events Security Services & Risk Management
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.

Global Identity Fraud Report revealing eight-month ‘mega-attack’
Editor's Choice Security Services & Risk Management
AU10TIX recently released its Q4 Global Identity Fraud Report, with the research identifying two never-before-seen attack patterns, with the worst case involving 22 000+ AI-generated variations of a single U.S. passport.

Linking of security officers by security businesses
PSiRA (Private Security Ind. Regulatory Authority) News & Events Security Services & Risk Management
[Sponsored] By law, all security businesses are required to declare their employees to PSiRA so that they can be accounted for administratively. Failure to link employees by security businesses is a contravention of the Code of Conduct and a criminal offence.

AI augmentation in security software
Security Services & Risk Management AI & Data Analytics
The integration of AI technology into security software has been met with resistance. In this, the second of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.