Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Ransomware gang plans to call victim’s business partners about attacks

The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim’s business partners to generate ransom payments.

The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware operators develop the malware and payment site, and affiliates (adverts) compromise corporate networks to deploy the ransomware.

As part of this deal, the REvil developers earn between 20-30% of ransom payments, and the affiliates make the remaining 70-80%.

To pressure victims into paying a ransom, ransomware gangs have increasingly turned to a double-extortion tactic, where attackers steal unencrypted files that they threaten to release if a ransom is not paid.

Now using VOIP calls and DDoS attacks

In February, the REvil ransomware operation posted a job notice where they were looking to recruit people to perform DDoS attacks and use VOIP calls to contact victims and their partners.https://www.ad-sandbox.com/static/html/sandbox.html

Today, a security researcher known as 3xp0rt discovered that REvil has announced that they were introducing new tactics that affiliates can use to exert even more pressure on victims.

These new tactics include a free service where the threat actors, or affiliated partners, will perform voice-scrambled VOIP calls to the media and victim’s business partners with information about the attack.

The ransomware gang is likely assuming that warning businesses that their data may have been exposed in an attack on of their partners, will create further pressure for the victim to pay.

REvil is also providing a paid service that allows affiliates to perform Layer 3 and Layer 7 DDoS attacks against a company for maximum pressure.

Forum post announcing new REvil extortion features
Forum post announcing new REvil extortion features

A Layer 3 attack is commonly used to take down the company’s Internet connection. In contrast, threat actors would use a Layer 7 attack to take down a publicly accessible application, such as a web server.

In October, we reported that the SunCrypt and Ragnar Locker ransomware operations had begun to use DDoS attacks against victims to pressure them to pay. In January 2021, the Avaddon ransomware gang began using this tactic as well, so it is not surprising to see other operations begin utilizing these attacks as well.

While VOIP calls to victims to exert pressure have been used by numerous ransomware operations, BleepingComputer is not aware of calls made to journalists or victim’s business partners.

Source: https://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The Ragnar Locker ransomware gang has claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital, threatening to leak 1 TB of data allegedly...

Cyber Security

A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole data from them, and...

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Cyber Security

Website of Israel’s largest oil refinery operator, BAZAN Group is inaccessible from most parts of the world as threat actors claim to have hacked the Group’s cyber...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO