Ransomware gangs now even call victims to meet demands: Report

San Francisco, December 5

Some ransomware groups have now resorted to cold-calling victims to pressure them into paying ransom demands if they come to know that the targeted organisations  were attempting restoration from backups, said a media report.

Some of the ransamware gangs that have used this tactic include Conti and Ryuk, a spokesperson for New Zealand-headquartered cybersecurity firm Emsisoft told ZDNet this week.

This is a new pressure-building tactic that these cybercriminals have started adopting.

Previously used tactics against victims include doubling the ransom demand in case of failure to pay the ransom in an allotted time, threatening the victim organisations that the  breach will be notified to a journalist, threatening leak of sensitive information, or actually starting the process of leaking information in a graded manner.

The trend of ransomware hackers cold-calling victims to harass them into pay appears to have started since at least August-September, according to a top executive at a leading incident  response and cyber security provider, Arete Incident Response, said the report.

An outsourced call centre group is suspected to be working for all the ransomware groups resorting to cold-calling, according to cyber-security firm Coveware.

Ransomware remained a persistent threat in the third quarter of this year, Emsisoft had earlier reported.

“Threat actors continued to favour post-compromise deployment, often spending significant time preparing the target environment and exfiltrating data before delivering the ransomware  payload,” the cybersecurity firm said in a blog post.

“We also saw more ransomware groups seek to weaponize stolen data, with threat actors such as Avaddon, Conti, DarkSide, SunCrypt and LockBit, among others, launching new data leak  sites this quarter,” it added.

In Q3, India topped the list of 10 countries that accounted for the most ransomware submissions, according to the Emsisoft report. — IANS