Ransomware crooks now emailing customers of their victims

Ransomware crooks are seeking to raise the pressure on organisations they’ve hit by emailing the organisation’s own customers, asking them to demand the organisation pay a ransom, else the customer’s own data will be leaked.

The evolution of ransomware over the years has been as fascinating as it has been alarming. And the tactics these cyber crooks are using continue to progress as they look for new and different ways to pressure companies into paying large ransom fees.

We’ve already recently talked about how ransomware crooks have increased their ransom demands during 2020. And now if the first quarter of 2021 is any indication, this particular type of computer crime is only going to get much worse.

In March 2021, it was reported that a ransomware gang known as “clop” has not only been targeting organisations with ransomware infections, but has also been emailing threats to those organisations’ own customers about it.






Let’s briefly recap how we got to this point.

In the early days of ransomware, an infection wouldn’t do anything to the files stored on a computer or network. Instead it would just lock the person out of the computer and demand they pay a ransom to regain access. While many did indeed pay, what they should have done was simply launch their computer in Safe Mode and use antivirus software to remove the infection, thus restoring access.

However, ransomware really started to up the ante when successful infections encrypted the files (like text documents, videos, photos, spreadsheets etc.) and demanded a ransom for the decryption key. For many early strains of ransomware that did this, there were often decryption tools available from the “good guys”. But for more advanced strains, the encryption techniques they employed were too strong, and restoring from a backup would be required. If there was no backup, the options were to lose all your files or pay the ransom.

But still ransomware crooks didn’t stop there. After all, all a person or organisation needed was a current backup and they could scoff at the ransom demands, remove the infection and restore their files from the backup. So the crooks increasingly crept towards extortion and blackmail. Not only were ransomware infections encrypting an organisation’s files, they were stealing them as well. The ransomware infection would then be followed by threats to release sensitive information – including customer data – to the public unless the ransom was paid.

More recently, not only have the crooks been threatening to release sensitive information, they have also been emailing journalists about their activities. Just in case the infected organisation thought they might be able to sweep the intrusion under the carpet.

And now, it appears, not only are ransomware crooks installing ransomware, encrypting files, stealing those same files, threatening to release them and emailing journalists about their exploits, they are now emailing the organisation’s customers directly and asking them to apply pressure to the organisation to pay the ransom. After all, if the organisation doesn’t pay up, it’s those customers that may very well see their data leaked online.






Flagstar Bank, the University of Colorado and a maternity clothing store have all reportedly seen their customers or users emailed directly by ransomware crooks in this manner.

It seems the ransomware trade is increasingly moving away from its flagship activity of encrypting files and relying more and more heavily on outright extortion: we’ve stolen your sensitive data, and unless you pay us money we’ll release it to everyone.

It’s perhaps possible the emphasis placed on encrypting data – which is how ransomware got its reputation – is lessening over time, as the crooks may think they have uncovered the true Achilles heel of their targets.

Remember…
Teaching employees about harmful email attachments and good password habits, keeping your software up-to-date and not using unsupported software, using effective security software for your organisation’s network and maintaining a current and separate back-up remain among the most effective methods of protecting yourself against ransomware infections.