Ransomware gangs now cold-call victims who restore from backups without paying




In an attempt to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying the ransom demand.

“We have observed this trend since at least August-September,” Yevgeny Erchov, director of IR and cyber threat intelligence at Arete Incident Response, told ZDNet on Friday.

Ransomware groups that have been seen calling victims in the past include Sekhmet (now gone), Labyrinth (now gone), Conti, and Ryuk, a spokesperson for cybersecurity firm Emsisoft told ZDNet on Thursday.

“We think it’s the same group of outsourced call centers that works for all [ransomware gangs] because the models and scripts are basically the same in the variants,” Bill Siegel, CEO and co-founder of cybersecurity firm Coveware, told ZDNet in an email.

Arete IR and Emsisoft said they have also seen script patterns in phone calls received by their customers.

According to a recorded call made on behalf of the Maze ransomware gang and shared with ZDNet, the callers had a strong accent, suggesting that they were not native English speakers.

Below is a redacted transcript of a call, provided by one of the security companies as an example, with the names of the victims deleted:

“We know that a third-party IT company is working on your network. We continue to monitor and know that you install SentinelOne antivirus on all of your computers. But know that it won’t help you. If you want to stop wasting your time and recover your data this week, we recommend that you discuss this situation with us in the chat or the problems with your network will never end.”

Another escalation in ransomware extortion tactics

The use of phone calls is another escalation in tactics used by ransomware gangs to pressure victims to pay ransom demands after encrypting corporate networks.

Previous tactics have included ransom demands that double in value if victims do not pay within a specified time frame, threats to inform journalists of the victim company’s breach, and threats to release sensitive documents on so-called “leak sites” if companies do not pay.

However, while this is the first time that ransomware gangs have called victims to pressure them into paying, it is not the first time that ransomware gangs have called victims.

In April 2017, UK group Action Fraud warned schools and universities that ransomware gangs were calling their offices, posing as government officials, and trying to trick school workers into opening malicious files that led to ransomware infections.
