Adversaries to call business partners as part of the next-level ransomware

Adversaries to call victims’ business partners as part of the next-level game-changers in ransomware

March 03, 2021

As reported by BleepingComputer, the ransomware gang REvil, also known as Sodinokibi, has announced plans to call victims’ business partners and the media in an attempt to pressure victims into paying, threatening to release harmful and sensitive materials if the ransom is not paid.

The REvil ransomware operation is a ransomware-as-a-service (RaaS) in which the operators develop the malware and the payment site and earn between 20-30% of the payment, while the affiliates who deploy the ransomware earn the remaining amount.

These new extortion tactics and others were announced by REvil a month ago. They include a free service in which threat actors or affiliates place VoIP calls to the media or to the victim’s business partners, informing them of the attack in order to increase the probability of the ransom being paid.

In addition, REvil provides a paid service that allows affiliates to perform Layer 3 and Layer 7 DDoS attacks, thereby taking down the company’s internet connection.

It is noteworthy that although in recent months there has been a growing number of instances of ransomware operators using DDoS attacks against victims with the purpose of pressuring them into paying, no instances of calls to media or to business partners of victims have been recorded to date.
