Cybercriminals Targeting Disloyal Insiders with Ransom Notes

Ransomware actors have been observed using a new tactic in their ransom notes: posting advertisements to seek insider information. This revelation was made by researchers at the GroupSense threat intelligence team, who shared their findings with Dark Reading. The screenshots provided by the researchers showcased the strategies that these cybercriminal gangs are employing, including Sarcoma and DoNex, a group believed to be impersonating LockBit ransomware.

One such ransom note contained the customary details indicating the dire situation of the targeted company, the destruction of backups, and export of databases. However, a unique twist was added further down in the message – a call for insider information. The note stated, “If you help us find this company’s dirty laundry you will be rewarded. You can tell your friends about us. If you or your friend hates his boss, write to us and we will make him cry and the real hero will get a reward from us.”

In another ransom note, the threat actors enticed potential collaborators with promises of vast financial gain. The message read, “Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VP, corporate email, etc.”

Furthermore, the threat actors provided instructions on how interested parties could initiate communication and launch viruses on their work computers. Communication was to take place over the Tox messenger, with the note claiming that users’ privacy is “guaranteed.”

Kurtis Minder, the CEO and founder of GroupSense, expressed surprise at this new development, noting that while the company regularly encounters ransom notes during incident response, it was only recently that the team noticed these “pseudo advertisements” at the bottom of the notes.

“I’ve been asking my team and kind of speculating as to why this would be a good place to put an advertisement,” Minder commented. “I don’t know the right answer, but obviously these notes do get passed around.” He suggested that these cybercriminals might have a casual attitude towards incorporating such ads into their ransom notes, and that one group starting a new tactic prompts others to follow suit.

However, Minder cautioned individuals against entertaining offers from cybercriminals, emphasizing the high risks involved. “These folks have no accountability, so there’s no guarantee you would get paid anything,” he warned. Attempting to capitalize on such offers could have unfavorable outcomes.

GroupSense is currently reviewing past ransom notes to identify any earlier instances of this trend, with Minder anticipating the discovery of more advertisements in addition to those already found.

The rise of these new tactics in ransom notes comes amidst a surge in ransomware activity, with cyber attackers generating substantial profits despite increased law enforcement actions taken over the past year. The cybersecurity landscape continues to evolve, presenting new challenges for organizations and individuals to navigate the growing threats posed by malicious actors in the digital realm.
