Tuesday, December 8, 2020

RansomWare Criminals are Cold-Calling Victims to Threaten Them if Victim Restores from Backups

Here's an interesting twist to a security story...

As I've said here before, probably the best defense against the scourge of RansomWare is the smart use of frequent, accurate and verified backups. If someone manages to penetrate your network and encrypt your server hard drive, all you have to do is format the drive and restore from a backup.

As people became better prepared against attacks, cyber criminals began to up their game. They began trying to apply pressure to victims by copying critical and confidential files, which they then threatened to publish if the ransom wasn't paid. In healthcare attacks, some criminals even went so far as to notify the proper authorities of a HIPAA breach.

However, now comes word that RansomWare purveyors are actually using call centers to contact victims and convince them to pay. It seems to be a concept that several criminal groups have come up with, and they all appear to be using the same outsourced call center. This is believed because calls made on behalf of different "brands" of RansomWare follow the same script.

When answering the phone, victims hear this banter, "We are aware of a 3rd party IT company working on your network.  We continue to monitor and know that you are installing SentinelOne antivirus on all your computers.  But you should know that it will not help.  If you want to stop wasting your time and recover your data this week, we recommend that you discuss this situation with us in the chat or the problems with your network will never end."

I'll state here that IF you cannot get them out of your network, yes, the problems will most likely continue until the criminals choose to stop mucking around in there.  However, if you can format drives and remove them, then this is pretty much an empty threat.

I feel one of the most important takeaways here is that social engineering is a huge part of this problem. Usually criminals get inside a network through phishing or spear phishing attacks, which work precisely because of the social engineering aspect: they get targeted individuals to click on links or attachments. Now, criminals are using the human voice and person-to-person phone calls to apply pressure that might not be nearly as effective if delivered by yet another email.

It's important to have your Admin Team properly trained to not fall prey to these types of attacks AND to have reliable backups at the ready.

1 comment:

  1. I'm so sick of hearing about Dental offices getting compromised, losing their data, or holding it for ransom. There *are* solutions out there. I'm not going to spam my company out, but we have a 100% success rate in recovering from CryptoLocker and the ability to detect it in most cases before it steals your data. Go find a *competent* IT company to protect your data.