ZDNet reports that since August 2020, operators of some ransomware have been calling and threatening companies that have suffered from ransomware attacks but have decided not to pay the ransom to the attackers.
In an attempt to pressure victims, some ransomware gangs now call victims on their phones if they suspect a compromised company might try to restore data from backups and evade the ransom payment.According to experts from Emsisoft and Arete Incident Response, the malware operators Sekhmet (no longer active), Maze (no longer active), Conti and Ryuk are engaged in such “calls”.
Emsisoft and Arete Incident Response have noticed similar pattern similarities.
According to a recording of one such call, made on behalf of Maze operators, the caller had a strong accent and was clearly not native English speaker.
ZDNet provides an edited transcript of this call, released to journalists from one of the information security companies:
Apparently, phone calls are just another way to pressure victims to pay the ransom after data encryption. For the same purpose, hackers double the ransom amount if victims do not pay on time; threaten to notify the media of the attack and threaten to publish confidential data stolen from the company before encrypting.
However, while this is the first time ransomware gangs have called victims to harass them into paying, this isn’t the first time that ransomware gangs have called victims.
In April 2017, Action Fraud in Britain warned schools and universities that ransomware gangs could call in their offices impersonating government officials and trying to trick school staff into opening malicious files that lead to ransomware infections.
Let me remind you that recently Egregor ransomware attack disrupted public transport in Vancouver, and Ragnar Locker attacked Capcom corporation.