Deploying ransomware is one thing, but getting the victim to pay up is an entirely different matter. Now, a relatively new entrant to the ransomware game is using a new strategy to force its victims to cave in to demands.
As spotted by BleepingComputer, a data extortion gang called Industrial Spy, which only recently added ransomware to its arsenal, has started defacing the websites of attacked companies in order to pressure them into paying the ransom.
The group recently broke into the network of a French company named SATT Sud-Est, researchers from MalwareHunterTeam found, and encrypted everything it discovered on company endpoints. Industrial Spy demanded $500,000 in exchange for the decryption key.
Besides the usual methods of persuasion, the group also broke into the company’s website (which is almost never hosted on the same server as corporate data) and defaced the homepage, leaving the following message:
“Your business data has been compromised. More than 200GB of data will soon be released on the market. Please contact us to avoid your reputational risks.”
The site has since been shut down, but the message can still be seen on Google’s search engine results page.
Because breaking into the website requires additional effort (and, most likely, extra malware), it’s highly unlikely this method will grow into a full-blown trend. You never know, though.
Cybercriminal techniques have significantly evolved over the years. In the early days of ransomware, threat actors would just lock the files and demand money in exchange for the decryption key. When businesses started keeping updated backups, crooks started stealing data and threatening to release it online. When even that showed unsatisfactory results, they turned to DDoS attacks and threatening phone calls.
This is just another in a long line of methods, and sooner or later, there are bound to be new ones.
Via BleepingComputer