Some ransomware operators are now calling and threatening their victims

Ransomware operators calling their victims
Written by Emma Davis

ZDNet reports that since August 2020, operators of some ransomware have been calling and threatening companies that have suffered from ransomware attacks but have decided not to pay the ransom to the attackers.

In an attempt to pressure victims, some ransomware gangs now call victims on their phones if they suspect a compromised company might try to restore data from backups and evade the ransom payment.

According to experts from Emsisoft and Arete Incident Response, the malware operators Sekhmet (no longer active), Maze (no longer active), Conti and Ryuk are engaged in such “calls”.

We believe that the same call center is working for all [hack groups] in outsourcing, because templates and call scenarios are almost always the same.says the head of information security company Coveware.

Emsisoft and Arete Incident Response have noticed similar pattern similarities.

According to a recording of one such call, made on behalf of Maze operators, the caller had a strong accent and was clearly not native English speaker.

ZDNet provides an edited transcript of this call, released to journalists from one of the information security companies:

We know there is a third-party IT company operating on your network. We continue to monitor and know that you are installing SentinelOne antivirus on all of your computers. But you should know that it won’t help. If you want to stop wasting time and want to recover your data this week, we recommend that you discuss this situation with us in the chat, otherwise the problems with your network will never end.

Apparently, phone calls are just another way to pressure victims to pay the ransom after data encryption. For the same purpose, hackers double the ransom amount if victims do not pay on time; threaten to notify the media of the attack and threaten to publish confidential data stolen from the company before encrypting.

However, while this is the first time ransomware gangs have called victims to harass them into paying, this isn’t the first time that ransomware gangs have called victims.

In April 2017, Action Fraud in Britain warned schools and universities that ransomware gangs could call in their offices impersonating government officials and trying to trick school staff into opening malicious files that lead to ransomware infections.

Let me remind you that recently Egregor ransomware attack disrupted public transport in Vancouver, and Ragnar Locker attacked Capcom corporation.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply