Ransomware groups are causing problems for the cybersecurity community by spreading fake breach claims, experts warn, and the threat is only expected to grow in the coming months. It seems that all a ransomware group needs to do is post a claim of breaching an organization on the dark web and the narrative takes off, leading to a full-blown cyber investigation, even if no actual breach has occurred. Ransomware expert Yelisey Bohuslavskiy with RedSense points to two recent incidents involving Technica and Europcar as prime examples. Ransomware group ALPHV claimed to have stolen classified information from Technica, a government IT contractor, while an anonymous person offered to sell data from car rental company Europcar on the dark web.
The allegations of a Technica breach, if true, could pose a serious national security threat to the US, given the sensitive nature of the organization’s work. However, there is no credible evidence that Technica was ever compromised beyond a few screenshots shared by ALPHV. In the case of Europcar, the company flatly denied any breach and pointed out that the sample data shared in the dark web forum was clearly faked. These incidents highlight the growing trend of misinformation being spread by ransomware groups as they vie for attention and clout in the cybercrime world.
Bohuslavskiy explains that ransomware operators are turning to false claims in response to the success of cybersecurity defenses and the decline in their operations. With their ego and aspirations of social status at stake, they spread false information to gain recognition and notoriety. This trend is further fueled by the willingness of the cybersecurity community, particularly English speakers, to amplify these messages, which makes them seem more believable. Ransomware groups are also refining their media and public relations techniques, courting interviews with journalists and collaborating to share business tips, as noted by researchers at Dragos in their recent ransomware report.
Enterprise cybersecurity teams need to be aware of the new ransomware misinformation communications strategy in order to respond effectively. False ransomware claims pose a significant challenge to cybersecurity professionals, because the misinformation is not easily refuted once it has gained traction. As ransomware groups become increasingly sophisticated in their methods, the cybersecurity community must also adapt to combat this growing threat.