Intimidation Tactics: Ransomware Cyber Gangs Now Call Their Victims

Cyber gangs use a number of tactics to intimidate their targets into paying their ransoms. Victims are often threatened or blackmailed via email into doing what these cybercriminals want. 

Most recently, these cyber gangs are using a new medium to carry out this intimidation method: calling their victims. They make these calls after they successfully infect a company’s system with ransomware. 

Keep reading to find out more about this new intimidation tactic as well as how to defend yourself against ransomware cyber attacks.

Ransomware Victims May Receive Threatening Calls Now

The ransomware cyber gang, DoppelPaymer, first appeared in 2019 and continued to victimize companies throughout 2020. DoppelPaymer’s ransom demands range in size but still pose a significant problem for companies. They threaten to publicize companies’ sensitive data on their leak site to further coerce companies into paying up. 

In November 2020, the cyber gang released its ransomware onto one of Foxconn’s facilities. Before that, they “encrypted about 1,200 servers, stole 100 GB of unencrypted files, and deleted 20-30 TB of backups”. They asked for 1804 bitcoins as ransom from the company. 

It is unclear whether Foxconn received a call from DoppelPaymer. But, after this happened, the FBI confirmed that DoppelPaymer had started calling victims after unleashing ransomware on their systems. This act aims to coerce and intimidate their victims into meeting their ransom demands.

Other ransomware cyber gangs, like those responsible for Conti ransomware, also use this intimidation tactic now. 

For instance, in September 2020, a Georgia dental practice was attacked by the Conti cyber gang. They had observed some abnormalities within their system, which led them to clear their server and then restore everything from backups. Only then did they receive an intimidating call from the cyber gang. Before that, they had not realized they were a victim of a cyberattack.  

So, What To Do If This Happens To You?

First things first – stay calm. It can be very stressful to find yourself on the end of a menacing phone call demanding ransom. But it’s important to remain calm even if the cybercriminal says they know where you live. 

Many security professionals believe that a lot of these calls from cyber gangs actually originate from overseas call centers. This minimizes the likelihood of physical interaction. There is even some evidence to suggest that multiple ransomware cyber gangs use the same call center. This is because many of them seem to use the same templates and scripts when they call the victims of their attacks.

But, in the unfortunate event that you are targeted by a ransomware attack, you should go to your local police or RCMP branch immediately. You should do this even if you don’t receive a call from the cybercriminals responsible. 

Authorities also advise that you shouldn’t give in to the ransom demands because the cyber gang may not even release or delete your data afterward. 

Protect Your Business From Ransomware Cyber Gangs

Here are some measures that your company should take to help keep you safe from cyberattacks:

• Use privileged account access. Give your employees or users the minimum amount of access they need to do their jobs/tasks.
• Disable any remote access to your network that is not necessary. On devices where remote access is required, make sure that it is properly secured. 
• Track all network traffic, systems, and resources to identify and report any suspicious activities or transactions that occur.
• Put multi-factor authentication in place for employees.
• Use enhanced passwords. These should be unique and contain at least 8 characters as well as numbers, letters, and symbols.
• Educate and train your employees on cybersecurity and best practices so they know how to protect themselves and the company. It’s critical that they are cautious of suspicious emails and links. 
• Keep your software and firmware up to date in order to patch any security vulnerabilities 
• Create and store backups in a separate network location.
• Run tests on your system. “Penetration” tests can help you to identify any gaps or weaknesses in your system’s security so that you can fix them. 
• Check if you have Cyber Liability insurance. It’s good to know your coverage in case you do fall victim to ransomware or other cyberattacks.

If you follow the above practices and focus enough resources on cybersecurity, you will minimize the risk of attacks on your company. MicroAge can help. Contact us today.