Approaching Ransomware Victims Privately



Approaching Ransomware Victims PrivatelyResearchers at KELA warn that ransomware gangs are increasingly refraining from mentioning their victims’ names after the initial attack, giving the victims a chance to pay up before the attack is publicized. This puts an additional layer of pressure on the victim to pay quickly, because it may allow them to avoid the reputational damage that’s among the biggest threats a victim faces. If the victim refuses to pay, the attackers can then publish their name and threaten to release the stolen data.

“KELA observed a few ransomware groups using relatively new intimidating methods which include publishing a victim without mentioning the company’s name,” the researchers write. “For example, Midas published a few victims claiming ‘a new company’ as their victim on their data leak site. If the victim did not pay, Midas would edit the post and add the victim's name. Lorenz ransomware gang adopted the same practice and published a ‘new target company’ on their ransomware blog. Additionally, Everest data leak site operators used the same method: a Canada-based supplier was listed with a threat to leak 96 gigabytes of the company's data, including over 10,500 personal records of Canadian citizens.”

The prolific ransomware gang Conti has adopted a similar tactic, using hidden blog posts to threaten the victims.

“In comparison to Everest and Lorenz who maintain ambiguity regarding victims’ names, Conti’s leaked chats showed that the gang prepared hidden blog posts about victims that can be accessed only via a specific URL,” KELA says. “The actors share this hidden blog post with a victim to intimidate them by showing how easily the victim’s data can be accessed. If a victim agrees to pay, the post is never released; if the negotiation fails, the blog becomes publicly accessible, and the victim’s name is disclosed.”

New-school security awareness training can give your employees an essential layer of defense against ransomware attacks by teaching your employees to thwart phishing and other social engineering attacks.

BleepingComputer has the full story.


A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation

Cyber-criminals have become thoughtful about ransomware attacks; taking time to maximize your organization’s potential damage and their payoff. Protecting your network from this growing threat is more important than ever

RogerMasterClass-FeatureImage (1) (1)
Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4,  for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware. You'll learn:

  • How to detect ransomware programs, even those that are highly stealthy 
  • Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)
  • The policies, technical controls, and education you need to stop ransomware in its tracks
  • Why good backups (even offline backups) no longer save you from ransomware

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/ransomware-master-class

Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews