Tag Archive for: extortion

Ransomware gang’s new extortion trick? Calling the front desk


When a hacker called the company that his gang claimed to have breached, he felt the same way that most of us feel when calling the front desk: frustrated.

The phone call between the hacker, who claims to represent the ransomware gang DragonForce, and the victim company employee was posted by the ransomware gang on its dark web site in an apparent attempt to put pressure on the company to pay a ransom demand. In reality, the call recording just shows a somewhat hilarious and failed attempt to extort and intimidate a company’s rank-and-file employees.

The recording also shows how ransomware gangs are always looking for different ways to intimidate the companies they hack.

“It’s increasingly common for threat actors to make contact via telephone, and this should be factored into organizations’ response plans. Do we engage or not? Who should engage? You don’t want to be making these decisions while the threat actor is listening to your hold music,” said Brett Callow, a threat analyst at Emsisoft.

In the call, the hacker asks to speak with the “management team.” Instead, two different employees put him on hold until Beth, from HR, answers the call.

“Hi, Beth, how are you doing?” the hacker said.

After a minute in which the two have trouble hearing each other, Beth tells the hacker that she is not familiar with the data breach that the hacker claimed. When the hacker attempts to explain what’s going on, Beth interrupts him and asks: “Now, why would you attack us?”

“Is there a reason why you chose us?” Beth insists.

“No need to interrupt me, OK? I’m just trying to help you,” the hacker responds, growing increasingly frustrated.

The hacker then proceeds to explain to Beth that the company she works for only has eight hours to negotiate before the ransomware gang will release the company’s stolen data.

“It will be published for public access, and it will be used for fraudulent activities and for terrorism by criminals,” the hacker says.

“Oh, OK,” says Beth, apparently nonplussed, and not understanding where the data is going to be.

“So it will be on X?” Beth asks. “So is that Dragonforce.com?”

The hacker then threatens Beth, saying they will start calling the…


Zoomer Hackers Shut Down the Biggest Extortion Ring of All


Linda Witzal runs a small independent pharmacy that caters exclusively to about 1,200 residents of New Jersey senior living facilities. Virtually all the revenue she takes in comes, ultimately, from the government. In a simpler time, she billed New Jersey Medicaid directly for most of her patients. “When I started in this business, I was 28 years old, and New Jersey was actually very easy to get on the phone back then,” Witzal, now in her early sixties, recalls.

Three and a half decades later, there’s a whole legalized extortion ring that small pharmacies like Witzal’s need to pay off to access Medicare and Medicaid funds, a symptom of the middleman creep in the pharmaceutical transaction chain. Standing between pharmacies and reimbursement checks for the drugs they dispense are the administrators of managed care programs, the tyrannical triumvirate of dominant pharmacy benefit managers that represent about 85 percent of all health plans, and Change Healthcare, the electronic data clearinghouse—or “switch,” as pharmacists call them—she uses to access the computer ecosystems of these middlemen. Until last week, Witzal viewed Change as one of the least-bad gatekeepers in the pharmacy business, though that was starting to change in the aftermath of its 2022 acquisition by UnitedHealth Group, the $372 billion Minnesota health care leviathan, which axed hundreds of tech and call center employees immediately after closing the deal. “It was getting harder and harder to get someone on the phone,” she says.

Then just over a week ago, Change abruptly shut down for Witzal and 67,000 other pharmacies it services. The company, it turned out, had been attacked by an extortion ring of its own, a hacker that UnitedHealth initially identified in a Securities and Exchange Commission filing as a “suspected nation-state-associated cyber security threat actor” but that has since emerged as the ransomware gang BlackCat/ALPHV, whose affiliates cybersecurity experts have previously described as native English speakers from predominantly “Western countries” between the ages of 17 and 22.

More from Maureen Tkacik

Ransomware gangs, which brought in a record $1.1 billion in…


Fileless, Double Extortion, AI and More — Virtualization Review



Ransomware in 2024: Fileless, Double Extortion, AI and More

Ransomware in 2024 will be much like ransomware in 2023 except for a few new twists that organizations should be aware of.

Along with “traditional” ransomware attacks, the threat actors are continually upgrading their game with new approaches, technology and techniques.

To help organizations get a handle on the primary security threat of our times, experts Dave Kawula and John O’Neill Sr. recently presented an online summit titled “2024 Ransomware Outlook,” which is now available for on-demand replay.

Relatively new ransomware techniques such as double extortion, Ransomware-as-a-Service (RaaS), fileless ransomware, Living-off-the-Land (LotL) attacks and more were discussed by Kawula, managing principal consultant at TriCon Elite Consulting, and O’Neill Sr., chief technologist at AWS Solutions. Both are on the front lines of the cybersecurity wars, continually helping organizations protect themselves or recover from attacks.

Here’s a summary of their thoughts on a couple of ransomware concerns in 2024.

Double Extortion
This technique is a more complex and aggressive form of cyberattack compared to traditional ransomware. In a double extortion attack, cybercriminals not only encrypt the victim’s data, rendering it inaccessible, but also steal sensitive information before encrypting it.


[Figure: Double Extortion]

Key aspects of this technique include:

  • Data Encryption and Theft: The first step involves infiltrating a victim’s network and encrypting crucial data. Simultaneously, the attackers exfiltrate, or steal, sensitive data from the victim.
  • Dual Threat: Victims face two threats — the encryption of their data and the potential leak of their stolen information. This double threat significantly increases the pressure on the victim to pay the ransom.
  • Ransom Demands: The attackers demand a ransom payment to decrypt the stolen data….


Strategies for Businesses in the Phase of Growing Cyber Extortion Threats


In the rapidly advancing digital age, businesses find themselves in an ongoing struggle against an invisible adversary called ransomware attacks. As cyber threats become more sophisticated and frequent, organizations are under increasing pressure to fortify their defenses and develop robust strategies to counter the growing menace of cyber extortion.

Ransomware, malicious software designed to block access to a computer system or files until a ransom is paid, has evolved into a pervasive and lucrative method for cybercriminals to exploit vulnerabilities in organizational networks. The consequences of falling victim to such attacks go beyond financial losses, encompassing severe operational disruptions, reputational damage, and compromised sensitive data. In fact, human error stands out as a primary entry point for ransomware attacks.

Therefore, in order to mitigate the risk, organizations are investing in comprehensive cybersecurity awareness training for employees. They are educating staff about the dangers of phishing emails and suspicious links, as well as the importance of robust password practices to reduce the risk of falling victim to ransomware.

Mr. Pallav Agarwal, Founder and CEO, HTS Solutions Pvt. Ltd., believes that ransomware resilience has become a significant concern as businesses navigate an era marked by escalating cyber threats. The growing sophistication of cybercriminals demands a proactive approach to safeguarding sensitive data and critical systems. As a result, in order to combat the menace of ransomware, businesses must adopt multi-faceted strategies. This is where regularly updating and patching software, operating systems, and security applications has surfaced as a significant way to close potential entry points for ransomware attackers.

Automated patch management systems streamline this process, ensuring timely updates and a more secure digital infrastructure. Furthermore, putting strong endpoint security in place—including cutting-edge antivirus and anti-malware software—offers a crucial line of defense against constantly changing cyber threats. Having current, safe backups is crucial in case of a ransomware attack. Thus, by regularly backing up important…
