As if having your system breached and your data stolen weren’t bad enough, now you might face a threatening phone call from the cyber-thieves if you don’t meet their demands.
“In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands,” according to the anti-phishing site KnowBe4, which has been tracking the trend since August and believes the bad actors are using an outsourced call center for their misdeeds.
“According to a recorded call made on behalf of the Maze ransomware gang, and shared with ZDNet, the callers had a heavy accent, suggesting they were not native English speakers,” writes Stu Sjouwerman for KnowBe4. “The post has a redacted transcript of a call, provided by one of the security firms as an example, with victim names removed.”
Here are some other takeaways from the KnowBe4 article:
- Using phone calls is another escalation in the tactics used by ransomware gangs to put pressure on victims to pay ransom demands after they’ve encrypted corporate networks.
- Previous tactics included the use of ransom demands that double in value if victims don’t pay during an allotted time, threats to notify journalists about the victim company’s breach, or threats to leak sensitive documents on so-called “leak sites” if companies don’t pay.
- This is the first time ransomware gangs have called victims to harass them into paying, but not the first time ransomware gangs have called victims.
- In April 2017 in the UK, ransomware gangs called into schools and universities, pretending to be government workers and trying to trick school employees into opening malicious files that led to ransomware infections.
KnowBe4 Ransomware Simulator Tool
Is your network effective in blocking ransomware when employees fall for social engineering attacks?
KnowBe4’s RanSim gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 20 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.
- 100% harmless simulation of real ransomware and cryptomining infections
- Does not use any of your own files
- Tests 21 types of infection scenarios
- Just download the installer and run it