The Darkside ransomware operators are now offering to tip off unscrupulous stock traders before they post the names of publicly traded victim companies, the Record reports. The criminals believe this will put more pressure on the victims to pay up. Recorded Future’s Dmitry Smilyanets told the Record that this is the first time a ransomware crew has explicitly made this part of their strategy.
“While other ransomware families previously discussed how to leverage the effect of a publicly disclosed cyber attack on the stock market, they have never made it their official attack vector,” Smilyanets said. “DarkSide becomes the first ransomware variant to make it formal.”
Allan Liska, also from Recorded Future, said that criminals are adapting to victims being less willing to pay ransom. A similar phenomenon occurred over the past two years when ransomware operators began stealing data and threatening to release it if the ransom wasn’t paid.
“We have anecdotal evidence that fewer people are paying ransom, which means ransomware actors have to find new ways to extort money from victims,” Liska said. “We saw that with threats of DDoS attacks last year but those didn’t really seem to work so they are looking for other ways.”
Liska is skeptical that this new technique will be effective, tweeting that “most companies don’t take a noticeable hit in their stock price after a ransomware attack - at least not long term.”
The Record also notes that “any large short bets are most likely to be picked up and investigated by the Securities and Exchange Commission or other regulatory bodies, and not many traders are likely to take up Darkside’s offer for such minimal gains and maximum regulatory risks.”
Cybercriminals are constantly changing their techniques to increase the success of their attacks. New-school security awareness training can give your employees an essential layer of defense against ransomware attacks by teaching your employees how to recognize social engineering attacks.
The Record has the story.