Ransomware gang now hacks corporate websites to show ransom notes


A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes.

This new extortion tactic is being carried out by Industrial Spy, a data extortion gang that only recently started using ransomware as part of their attacks.

As part of their attacks, Industrial Spy will breach networks, steal data, and deploy ransomware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid.

Industrial Spy ransom note example
Source: BleepingComputer

Defacing websites as part of data extortion

Today, Industrial Spy began selling data they claim was stolen from a French company named SATT Sud-Est for $500,000.

As first noticed by security researchers MalwareHunterTeam, this attack stands out because the threat actors have also hacked into the company's website to display a warning message that 200GB has been stolen and will soon be put up for sale if the victim does not pay the ransom.

SATT Sud-Est website tampered with to show ransom note
Source: BleepingComputer

When ransomware gangs extort victims, they typically give them a short timeframe, usually a few weeks, to negotiate and pay the ransom before they start leaking data.

Throughout this negotiation process, the threat actors promise to keep the attack secret, provide the decryption key, and delete all data if a ransom is paid.

After this period, threat actors will use a variety of methods to increase pressure, including DDoS attacks on corporate websites, emailing customers and business partners, and calling executives with threats.

These methods are all carried out privately or with minimal publicity on their data leak sites, which are typically only visited by cybersecurity researchers and the media.

However, this is the first time we have seen a ransomware gang tampering with websites to publicly display ransom notes.

While this tactic is out of the ordinary, it allows ransomware gangs to put further pressure on victims, as it pushes the attack into the spotlight where customers and business partners can more easily see it.

However, it isn't believed that this new tactic will be widely used, as web servers are typically not hosted on corporate networks but rather with web hosting providers.

Therefore, threat actors need to find vulnerabilities in websites or gain access to credentials when they steal data from internal networks.

BleepingComputer has contacted SATT Sud-Est to confirm whether the attack was legitimate but has received no response.
