HomeCII/OTCybercriminals Targeting Disloyal Insiders with Ransom Notes

Cybercriminals Targeting Disloyal Insiders with Ransom Notes

Published on

spot_img

Ransomware actors have been observed using a new tactic in their ransom notes: posting advertisements to seek insider information. This revelation was made by researchers at the GroupSense threat intelligence team, who shared their findings with Dark Reading. The screenshots provided by the researchers showcased the strategies that these cybercriminal gangs, including Sarcoma and a group believed to be impersonating LockBit ransomware known as DoNex, are employing.

One such ransom note contained the customary details indicating the dire situation of the targeted company, the destruction of backups, and export of databases. However, a unique twist was added further down in the message – a call for insider information. The note stated, “If you help us find this company’s dirty laundry you will be rewarded. You can tell your friends about us. If you or your friend hates his boss, write to us and we will make him cry and the real hero will get a reward from us.”

In another ransom note, the threat actors enticed potential collaborators with promises of vast financial gain. The message read, “Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VP, corporate email, etc.”

Furthermore, the threat actors provided instructions on how interested parties could initiate communication and launch viruses on their work computers. The communication channel was through the Tox messenger, ensuring the users’ privacy is “guaranteed.”

Kurtis Minder, the CEO and founder of GroupSense, expressed surprise at this new development, noting that while the company regularly encounters ransom notes during incident response, it was only recently that the team noticed these “pseudo advertisements” at the bottom of the notes.

“I’ve been asking my team and kind of speculating as to why this would be a good place to put an advertisement,” Minder commented. “I don’t know the right answer, but obviously these notes do get passed around.” He suggested that these cybercriminals might have a casual attitude towards incorporating such ads into their ransom notes, with one group starting a new tactic prompting others to follow suit.

However, Minder cautioned individuals against entertaining offers from cybercriminals, emphasizing the high risks involved. “These folks have no accountability, so there’s no guarantee you would get paid anything,” he warned. Attempting to capitalize on such offers could have unfavorable outcomes.

GroupSense is currently reviewing past ransom notes to identify any earlier instances of this trend, with Minder anticipating the discovery of more advertisements in addition to those already found.

The rise of these new tactics in ransom notes comes amidst a surge in ransomware activity, with cyber attackers generating substantial profits despite increased law enforcement actions taken over the past year. The cybersecurity landscape continues to evolve, presenting new challenges for organizations and individuals to navigate the growing threats posed by malicious actors in the digital realm.

Source link

Latest articles

Meta’s Smart Glasses Will Disable Camera If Privacy LED Light Is Tampered With or Destroyed

Meta Enhances Privacy Measures for Smart Glasses Meta has recently announced a significant firmware update...

RedWing Android Spyware Rental Service Available on Telegram

RedWing: A New Threat in Android Spyware Linked to Russian Actors Recent investigations by security...

Vidar Stealer and XMRig Miner Operation

Cybercriminals Employ Dual-Monetization Tactics to Steal Data and Mine Cryptocurrency Recent research from Unit 42,...

Top 40 Major Cybersecurity Events of the Week, July 2026

Cybersecurity Newsletter Roundup: Major Incidents from July 6–10, 2026 In its latest edition, the GBHackers...

More like this

Meta’s Smart Glasses Will Disable Camera If Privacy LED Light Is Tampered With or Destroyed

Meta Enhances Privacy Measures for Smart Glasses Meta has recently announced a significant firmware update...

RedWing Android Spyware Rental Service Available on Telegram

RedWing: A New Threat in Android Spyware Linked to Russian Actors Recent investigations by security...

Vidar Stealer and XMRig Miner Operation

Cybercriminals Employ Dual-Monetization Tactics to Steal Data and Mine Cryptocurrency Recent research from Unit 42,...