Stooping to further moral degradation, some ransomware gangs are now cold-calling victims in a bid to direct pressure on them. They do it when cyber actors realize that victims might restore from backups and keep away from paying the ransom.
Evgueni Erchov says that it has been the trend since at least from August to September during this year. He is the director of IR and cyber threat intelligence at Arete Incident Response.
Why are they doing this? The Cold-calling tactic aims to force the hacked company to pay the ransom in place of seeking other options. Some of the cyber gangs that have called their victims are Sekhmet, Maze, Conti, and Ryuk.
The call-center to make cold-calling
It is possible that all ransomware gangs use the same call center. It is likely since the templates and scripts used are alike across all the variations received.
The callers have a heavy accent, hinting they were non-native English speakers. It came to light according to a recorded call made in the name of the Maze ransomware gang.
Evolution in ransomware extortion tactics
With time, ransomware extortion tactics have evolved.
Initially, the demands were usually to increase the ransom amount when victims did not pay in an allotted time. Likewise, threats used to come from cyber gangs to notify journalists regarding the breach of the victim’s company.
However, the use of cold-calling is a new addition to the arsenal used by ransomware gangs. They are trying to increase pressure on victims to pay ransom demands following successful malicious encryption.
Remember, it is true cyber threat actors are now making calls for ransom paying, but the calling action is not new. For example:
In April 2017, the Action Fraud group in the UK informed educational institutes that ransomware gangs were calling their headquarters. They pretended to be government employees and persuaded the institutes’ representatives to open malicious files.
For any company, the security of internal sensitive data is the most critical element. Breaching of such data can cause irreversible damage to the reputation of the company. Consequently, data breach response should come immediately within 24 hours after the discovery of it.