Ransomware Gangs Are Now Cold-Calling Victims If They Restore From Backups Without Paying



iStock-602318992Catalin Cimpanu at ZDNet reported on another evil escalation in ransomware extortion tactics.  In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands.

"We've seen this trend since at least August-September," Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet on Friday. Ransomware groups that have been seen calling victims in the past include Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk, a spokesperson for cyber-security firm Emsisoft told ZDNet on Thursday.

"We think it's the same outsourced call center group that is working for all the [ransomware gangs] as the templates and scripts are basically the same across the variants," Bill Siegel, CEO and co-founder of cyber-security firm Coveware, told ZDNet in an email. Arete IR and Emsisoft said they've also seen scripted templates in phone calls received by their customers.

According to a recorded call made on behalf of the Maze ransomware gang, and shared with ZDNet, the callers had a heavy accent, suggesting they were not native English speakers.  The post has a redacted transcript of a call, provided by one of the security firms as an example, with victim names removed.

Another Escalation In Ransomware Extortion Tactics

The use of phone calls is another escalation in the tactics used by ransomware gangs to put pressure on victims to pay ransom demands after they've encrypted corporate networks.

Previous tactics included the use of ransom demands that double in value if victims don't pay during an allotted time, threats to notify journalists about the victim company's breach, or threats to leak sensitive documents on so-called "leak sites" if companies don't pay.

However, while this is the first time ransomware gangs have called victims to harass them into paying, this isn't the first time that ransomware gangs have called victims.

In April 2017, the UK's Action Fraud group warned schools and universities that ransomware gangs were calling their offices, pretending to be government workers, and trying to trick school employees into opening malicious files that led to ransomware infections.  Full story at ZDNet:

https://www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they-restore-from-backups-without-paying/


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 21 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews