These ransomware attacks are actually completely fake
Date:
Mon, 03 Apr 2023 15:00:22 +0000
Description:
New criminal gang is looking to fool companies into believing their data has been stolen, when in fact nothing has happened.
FULL STORY ======================================================================
A cybercriminal outfit is posing as well-known ransomware gangs in order to extort money from US companies.
Since March, the group, known as Midnight, has impersonated other gangs in emails sent to US companies, instructing them to pay up or have their data leaked.
The threats are completely empty, though, as no malware tools are used to encrypt or steal data. At worst, the group will instigate DDoS attacks to
give the impression that a more serious attack is taking place, but the companies' endpoints remain safe throughout. Praying on fears
The group is hoping to leech off of the recent successes of various
ransomware groups, where big firms have incurred serious data leaks at their hands, with the aim of scaring other companies into blindly coughing up for fear of becoming the latest victim.
In one case, the group has been seen impersonating the Silent Ransom Group, a data theft gang who have targeted large organizations such as weapons manufacturers, software companies and even an NBA team.
However, in the same email, they also said they were the Surtr group - known for the Ransomware as a service (RaaS) tool of the same name, whose
developers may have once belonged to the REvil ransomware group that was
taken down by law enforcement last year, but has since made a comeback .
In another email to another company, Midnight claimed they had stolen 600 gigabytes (GB) worth of data and again demanded a ransom. However, they sent the email to a senior partner who had left the company over six months ago.
Investigators at risk consultants Kroll found a marked increase in the number of emails companies were receiving purportedly from SRG.
This method is cheap and easily conducted by low-skilled attackers... The
scam relies on social engineering to extort victims by placing pressure on
the victim to pay before a deadline," they said.
They added that "We expect this trend to continue indefinitely due to its
cost effectiveness and ability to continue to generate revenue for cybercriminals."
Kroll investigators noted that such fake emails have been occurring since 2019, as have the DDoS attacks that ensue when companies refuse to pay a ransom.
Incidence response firm Areteadded that Midnight seemed to be gong after companies that had already suffered a real ransomware attack, and that their ransom emails contained allusions to the real attacks to bolster their authenticity. Read more
Most ransomware victims pay up, but many never recover their data
The 10 worst ransomware attacks ever
You're a ransomware victim: Here's 5 things you should do
In some cases, Arete found that Midnight targeted undisclosed victims of real attacks, potentially indicating that the group is in collusion with genuine ransomware gangs. It is also possible that they ascertained this information from illicit forums where gangs discuss and post about their attacks and victims.
The advice to businesses is to carefully analyze for their veracity any phantom incident extortion (PIE) emails received, and to dismiss them if they appear anything less than the real thing, as, in that instance, they will
more than likely be phishing attempts. These are the best secure email providers to keep your conversations private
======================================================================
Link to news story:
https://www.techradar.com/news/these-ransomware-attacks-are-actually-completel y-fake
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)