Ransomware attacks turn into phone threats of violence on victims and their relatives

attacker pressuring victim to pay ransom
  • Ransomware attackers are cold-calling victims and their relatives, threatening to send bandits to the homes of victims and their relatives.
  • Implement cybersecurity recommendations to minimize negative financial and reputational impact.

According to ZDNet, ransomware gangs have a new trick up their sleeve: since February 2020, they have been cold-calling ransomware victims (companies and individuals) by phone to threaten them into paying their ransom demands.

These phone threats were pioneered by the DoppelPaymer ransomware gang, but several other ransomware gangs, such as Sekhmet, Maze, Conti and Ryuk, are now adopting similar tricks to increase pressure on their victims. According to the FBI report, the DoppelPaymer ransomware infects a broad range of industries, with ransom demands of between six and seven figures in bitcoin.

DoppelPaymer was the culprit in the death of a patient during a ransomware attack that paralyzed services at a German hospital in September 2020. The hospital could not function after its systems and data were encrypted. Because services were unavailable, a patient requiring emergency help was redirected to another facility 20 miles away and died on the way.

The attackers withdrew their ransom demands and provided decryption keys upon learning that their ransomware was endangering patients' lives, and the German authorities did not attribute the patient's death to the ransomware attackers.

How do ransomware phone threats operate? 

Following a DoppelPaymer ransomware infection, the attackers copy the victim's data to another location before activating the ransomware on the victim's systems. Thereafter, the attackers make phone calls to intimidate and threaten ransomware victims and their relatives:

"In one case an actor, using a spoofed US-based telephone number while claiming to be located in North Korea, threatened to leak or sell data from an identified business if the business did not pay the ransom. During subsequent telephone calls to the same business, the actor threatened to send an individual to the home of an employee and provided the employee's home address. The actor also called several of the employee's relatives."

To minimize the threat of ransomware attacks, the FBI recommends:

  • taking backups and unplugging them from the network 
  • regular audit of publicly accessible user accounts for remote monitoring and management
  • setting alerts for large amounts of data leaving the organization 
  • using two-factor authentication with tokens received via text/SMS rather than email, since email may already be in the hands of the attacker
  • restricting access rights to your precious data to only those who need them to do their tasks.
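
The recommendation to alert on large amounts of data leaving the organization can be prototyped over network flow logs, since the attackers copy data out before activating the ransomware. The following is an added example, not from the article or the FBI report; the record layout, host names, internal ranges and thresholds are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Assumed internal address ranges; replace with the organization's own.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: (day, internal host, destination IP, bytes sent).
FLOWS = [
    ("2020-12-01", "fs01", "203.0.113.10", 40_000_000),
    ("2020-12-01", "fs01", "10.0.0.5", 9_000_000_000),       # internal backup, ignored
    ("2020-12-02", "fs01", "203.0.113.10", 55_000_000),
    ("2020-12-03", "fs01", "203.0.113.10", 48_000_000),
    ("2020-12-04", "fs01", "198.51.100.7", 6_500_000_000),   # bulk upload to external host
    ("2020-12-01", "ws17", "203.0.113.10", 5_000_000),
    ("2020-12-04", "ws17", "203.0.113.10", 7_000_000),
    ("2020-12-04", "kiosk2", "198.51.100.7", 2_000_000_000), # host with no history
]

def is_external(ip):
    """True when the destination lies outside every internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def daily_egress(flows):
    """Sum bytes sent to external destinations per host and day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, dst, nbytes in flows:
        if is_external(dst):
            totals[host][day] += nbytes
    return totals

def egress_alerts(flows, day, floor=1_000_000_000, factor=10):
    """Return {host: bytes} for hosts whose external egress on `day` reaches `floor`
    and is at least `factor` times the median of that host's earlier days.
    A host with no earlier days is judged on the absolute floor alone."""
    alerts = {}
    for host, per_day in daily_egress(flows).items():
        today = per_day.get(day, 0)
        history = [v for d, v in per_day.items() if d < day]  # ISO dates sort as text
        baseline = median(history) if history else 0
        if today >= floor and today >= factor * baseline:
            alerts[host] = today
    return alerts

if __name__ == "__main__":
    for host, nbytes in sorted(egress_alerts(FLOWS, "2020-12-04").items()):
        print(f"ALERT {host}: {nbytes / 1e9:.1f} GB sent to external hosts")
```

The absolute floor keeps quiet workstations from alerting on small relative jumps, while the per-host baseline keeps servers with routinely heavy egress from alerting every day.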

Bottom line

Ransomware attacks are increasing, with the attackers increasingly finding ways to coerce their victims into paying their demands. Authorities recommend that victims do not pay ransoms, as this fuels the attackers' illicit business. Individuals and businesses need to take simple cyber hygiene measures, such as backups, restricting access and regular audits, to minimize the severe impact of ransomware attacks on their organizations.
