Some Ransomware Gangs Are Now Phoning Victims Who Restore from Backups To Shake Them Down Further

So say you’re a company that got hit by ransomware. You make the correct decision to not pay the scumbags and you restore from known-good backups. The world is great, right?

Well, it is until you get a phone call from the ransomware gang.

In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands. “We’ve seen this trend since at least August-September,” Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet on Friday…

“We think it’s the same outsourced call center group that is working for all the [ransomware gangs] as the templates and scripts are basically the same across the variants,” Bill Siegel, CEO and co-founder of cyber-security firm Coveware, told ZDNet in an email. Arete IR and Emsisoft said they’ve also seen scripted templates in phone calls received by their customers.

The use of phone calls is another escalation in the tactics used by ransomware gangs to put pressure on victims to pay ransom demands after they’ve encrypted corporate networks. Previous tactics included the use of ransom demands that double in value if victims don’t pay during an allotted time, threats to notify journalists about the victim company’s breach, or threats to leak sensitive documents on so-called “leak sites” if companies don’t pay.

This is why companies need to employ firms like Mandiant to find out how the scumbags got in and force them out. That would make calls like this a joke. What would also help is a blanket ban on paying ransoms in places like the US, Canada, the UK, Germany and the like. That would make ransomware attacks less viable.

