The psychology of cybercriminals continues to be an intriguing aspect of discussions surrounding cyber crime.
“Interacting with ransomware criminals should be exclusively handled by experts with proper training,” warns the well-known cybersecurity strategist Jon DiMaggio. DiMaggio issued this important cautionary advice while analysing the psychology of cybercriminals and the behaviours displayed by the founder of LockBit, a type of ransomware that encrypts data on target systems, making it inaccessible to the system and network resources.
Although this individual may come across as respectful and engaging, DiMaggio discovered that he exhibited narcissistic, sexist, and racist traits when communicating with others. “Numerous cybercriminals do not perceive themselves as being inherently malicious individuals,” notes Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA.
“It is called the neutralisation effect,” she explains. “What cybercriminals do, particularly with ransomware, is they neutralise what they are doing by using business terminology. They refer to the companies they hack not as victims, but as customers. They pretend that what they are doing is a good thing, claiming to help companies become more secure and offering a service.”
This is partly true. Cybercriminals sometimes offer advice to organisations on how to secure their environments and avoid future ransomware attacks. Some advertise the charities they support; others claim that a percentage of the funds received is donated for charitable purposes. However, these actions are merely tactics used by cybercriminals to justify their illegal activities. According to Collard, the Bonaci Group is an example of such behaviour. A cyber defence whitepaper examines their actions, revealing how they use business language and present themselves as benevolent, while “ignoring basic realities like law, mutual agreement, and the negative impact on society”.
Another tactic they use is referred to as the “disinhibition factor” says Collard. “This factor highlights the lack of empathy people feel towards victims who are physically distant. This principle also applies to internet trolls and other negative individuals in the online realm, as they are detached from the direct consequences of their actions.”
This aligns with research that used the Elemental Psychopathy Assessment, which is based on the Big Five personality traits, to assess how psychopathy is associated with cyber offences. It revealed that individuals inclined towards cyber crime exhibited traits such as antagonism, narcissism, and disinhibition.
“The last really interesting trait is how arrogant the leaders of the cybercriminal groups can be,” says Collard. “In 2022, a researcher obtained access to the internal chats of a Ransomware-as-a-Service group called Yanluowang. It revealed a lot of insights around how these groups function and the individuals who control them. Notably, the leader of the LockBit group, which is recognised as one of the largest and most active groups, has given multiple interviews.”
Experts are finding that cybercriminals are arrogant, believing themselves to be superior and more knowledgeable than others. They are not afraid of law enforcement and think they cannot be caught. They also display narcissistic tendencies. The leader of LockBit, for instance, has openly expressed his lack of fear towards the government on multiple occasions. In fact, he has even initiated a LockBit tattoo campaign and a writing competition, demonstrating his bold and audacious behaviour.
“Mikhail Pavlovich Matveev, also known as Wazawaka, posted a picture of himself wearing snakeskin pants in a defiant gesture after the FBI offered a $10 million reward for information leading to his arrest,” says Collard. “There is the arrogance, the know-better-than-you attitude. Yet, when Jon DiMaggio engaged with the LockBit founder, it had little impact. These criminals are in it for the money. They may use these tactics to neutralise their actions and portray themselves as virtuous, but ultimately, they arecriminals.”
This is perhaps the strongest warning: the leaders of these groups are smart, arrogant and perfectly capable of bribing, scaring and intimidating people into doing what they want. If your business is hacked, do not engage – get a professional to step in and handle the negotiations or things could very easily get worse.
