{"id":6565,"date":"2026-01-15T06:45:00","date_gmt":"2026-01-15T06:45:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=6565"},"modified":"2026-01-15T06:45:00","modified_gmt":"2026-01-15T06:45:00","slug":"ransomware-gangs-extort-victims-by-citing-compliance-violations","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=6565","title":{"rendered":"Ransomware gangs extort victims by citing compliance violations"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/563507\/what-is-ransomware-how-it-works-and-how-to-remove-it.html\">Ransomware attacks<\/a> remain among the most common attack methods. As recent analyses show, cyber gangs are increasingly threatening their victims with reporting violations of regulations such as the GDPR to supervisory authorities.<\/p>\n<p>Researchers at the security provider Akamai have observed an increasing trend in this tactic over the past two years. As an example, the security vendor points to ransomware group Anubis. Its members reportedly focus primarily on industries with high compliance risks, such as healthcare. The notorious\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/2139658\/new-ransomhub-ransomware-gang-has-ties-to-older-knight-group.html\" target=\"_blank\" rel=\"noopener\">Ransomhub<\/a>\u00a0gang also allegedly employs this method, explicitly encouraging its partners to threaten hacked companies with regulatory penalties.<\/p>\n<h2 class=\"wp-block-heading\">Consequences for companies<\/h2>\n<p>\u201cThis puts companies under a double pressure that is almost impossible to manage,\u201d Klaus Hild, manager of solution engineering for enterprise at SailPoint, explained to CSO. They have to weigh the risk of paying ransoms against potentially ruinous penalties and reputational damage. \u201cThis \u2018compliance extortion\u2019 is no longer a theoretical threat \u2014 it has become standard practice for ransomware cartels,\u201d Hild added.<\/p>\n<p>Tim Berghof, security evangelist at G DATA, confirmed to CSO that while this approach is technically just an extension of the \u201cindustry-standard\u201d double extortion, it can have massive consequences. \u201cEven if a complaint turns out to be unfounded, official investigations generate attention, tie up resources, and potentially become public,\u201d he said.<\/p>\n<h2 class=\"wp-block-heading\">AI amplifies attacks<\/h2>\n<p>Hild points to another problem: \u201cAI-powered tools dramatically accelerate these attacks. Criminals can now screen stolen documents for \u2018material\u2019 compliance violations within hours of a data breach \u2014 faster and more accurately than many companies can audit their own systems.\u201d<\/p>\n<p>The SailPoint specialist explains: \u201cThey create detailed, legally sound complaints for authorities and set tight deadlines. With new regulations like\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/570091\/eus-dora-regulation-explained-new-risk-management-requirements-for-financial-firms.html\" target=\"_blank\" rel=\"noopener\">DORA<\/a>\u00a0in the EU and stricter SEC reporting requirements, the arsenal of these extortionists is constantly growing.\u201d<\/p>\n<p>Berghoff summarizes: \u201cThe question remains which has the less severe consequences for companies: a self-report or an anonymous report to the relevant authority by a group of criminals. Since there is still a great deal of uncertainty surrounding compliance in some areas, threats involving authorities potentially fall on fertile ground.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Ransomware attacks remain among the most common attack methods. As recent analyses show, cyber gangs are increasingly threatening their victims with reporting violations of regulations such as the GDPR to supervisory authorities. Researchers at the security provider Akamai have observed an increasing trend in this tactic over the past two years. As an example, the [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":6566,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-6565","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6565"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6565"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6565\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/6566"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}