The new face of ransomware gangs
Challenge to corporations: ransomware gangs go corporate
Ransomware hackers are changing their tactics, adopting an almost corporate approach to the media. Some groups, such as Royal, Play, and RansomHouse, actively seek to correct false information about them and put pressure on their victims by publicly exposing them.
The ransomware landscape is experiencing a transformation: cybercriminals are no longer just shadowy figures hiding behind disturbing aliases, but now take an almost corporate approach to their relationship with the media. This is according to a recent report from Sophos. “They are using tactics that go beyond technical hacking to influence the information sphere as well,” comments Christopher Budd, director of threat intelligence at Sophos X-Ops.
Blackmail with a public image
Hacker groups specializing in ransomware are implementing a more refined public image, making use of direct communication channels such as Telegram and web pages with contact forms and FAQs. With these moves, they seek to put pressure on victims by exposing them to the public and their business partners, with the risk that internal documents of the affected companies will be exposed online, as reported in a Royal ransom note analyzed by Sophos.
Extreme pressure tactics from hackers
Hacker tactics range from media attention to extreme moves, as demonstrated by the ALPHV group (also known as BlackCat), which filed an official complaint with the US Securities and Exchange Commission criticizing a victim for failing to report a ransomware attack in a timely manner. Although the new regulations were not yet active, the incident gained widespread media attention.
Analysts in the guise of attackers
Not all ransomware groups take this new media approach lightly. Groups known for their aggressiveness, such as Cl0p and LockBit, instead communicated in a more hostile manner. Although some of these behaviors may appear childish, in some cases they showed remarkable professionalism. For example, in response to initially erroneous information about the MGM attack, ALPHV issued a 1,300-word statement that could be equated with technical analyses published by security firms. “They adopt in their communication principles that we use every day in the cybersecurity space,” concludes Budd.
12/13/2023 12:36
Marco Verro