Disgruntled Employees to Deploy Ransomware – Krebs on Security

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

Image: Abnormal Security.

Crane Hassold, director of threat intelligence at Abnormal Security, described what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network.

This particular scammer was fairly chatty, and over the course of five days it emerged that Hassold’s correspondent was forced to change up his initial approach in planning to deploy the DemonWare ransomware strain, which is freely available on GitHub.

“According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Hassold wrote.

Abnormal Security documented how it tied the email back to a young man in Nigeria who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram.

Image: Abnormal Security.

Reached via LinkedIn, Sociogram founder Oluwaseun Medayedupin asked to have his startup’s name removed from the story, although he did not respond to questions about whether there were an inaccuracies in Hassold’s report.

“Please don’t harm Sociogram’s reputation,” Medayedupin pleaded. “I beg you as a promising young man.”

This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware. While multi-million dollar ransomware payments are hogging the headlines, by far the biggest financial losses tied to cybercrime each year stem from so-called Business Email Compromise (BEC) or CEO Scams, in which crooks mainly based in Africa and Southeast Asia will spoof communications…

Source…