The U.S. Federal Bureau of Investigation (FBI) has released an alert that warns private industry in the country about incidents of harassment of victims made by ransomware gangs, such as the well-known Doppelpaymer group.
FBI Is Aware of Cold-Calling Tactics by Ransomware Gangs
According to a PIN (private industry notification) alert regularly sent to U.S. companies to inform them about the latest updates in the cybersecurity sphere, shared by Zdnet, the FBI has been aware of incidents since February 2020, where Doppelpaymer has cold-called companies to intimidate victims by demanding them to pay a crypto ransom.
The intimidation, which had escalated to rude language, includes threats to send individuals to the victims’ homes if they don’t pay for the demanded money in the ransomware attack deployed by the gang.
The FBI describes Doppelpaymer as a group of threat actors that often demand between six and seven-figure ransoms in bitcoin during their attacks. If victims don’t pay, then they start to exfiltrate part of the stolen data and make “follow-on telephone calls to victims to further pressure them to make ransom payments.”
Zdnet said that a similar tactic was used by other now-defunct ransomware groups, such as Sekhmet and Maze.
Usually, the group of hackers targets healthcare sectors, emergency, and education across the globe, but they’ve been heavily active since June 2019, said the Bureau.
In the alert, there is a recall of an incident related to Doppelpaymer and its cold-calling tactics to harass victims:
In one case, an actor, using a spoofed US-based telephone number while claiming to be located in North Korea, threatened to leak or sell data from an identified business if the business did not pay the ransom. During subsequent telephone calls to the same business, the actor threatened to send an individual to the home of an employee and provided the employee’s home address. The actor also called several of the employee’s relatives.
Ransomware Attacks Are Becoming ‘Increasingly Problematic’
Brett Callow, threat analyst at malware lab Emsisoft, told news.Bitcoin.com that ransomware “continues to become increasingly problematic.”
The malware lab commented the following on its latest findings in the Q3 report about ransomware attacks in 2020:
Ransomware remained a persistent threat in Q3 2020. Threat actors continued to favor post-compromise deployment, often spending significant time preparing the target environment and exfiltrating data before delivering the ransomware payload. We also saw more ransomware groups seek to weaponize stolen data, with threat actors such as Avaddon, Conti, Darkside, Suncrypt and Lockbit, among others, launching new data leak sites this quarter.
Are the authorities starting to take ransomware attacks more seriously? Let us know in the comments section below.
Image Credits: Shutterstock, Pixabay, Wiki Commons