Wednesday , January 22 2025

These ransomware attacks are actually completely fake

A cybercriminal outfit is posing as well-known ransomware gangs in order to extort money from US companies.

Since March, the group, known as Midnight, has impersonated other gangs in emails sent to US companies, instructing them to pay up or have their data leaked.

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The...
Read More
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

Daily Security Update Dated: 21.01.2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 21.01.2025

126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems

Ubuntu 22.04 LTS users are advised to update their systems right away due to a crucial security patch from Canonical...
Read More
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems

CERT-UA alerts about “security audit” requests through AnyDesk

Attackers are pretending to be Ukraine's Computer Emergency Response Team (CERT-UA) using AnyDesk to access target computers. “Unidentified individuals are...
Read More
CERT-UA alerts about “security audit” requests through AnyDesk

Oracle Critical Pre-Release update addressed 320 flaw

Oracle Critical Patch Update Pre-Release Announcement shares details about the upcoming update scheduled for January 21, 2025. Note that this...
Read More
Oracle Critical Pre-Release update addressed 320 flaw

OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the...
Read More
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out...
Read More
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Intel holds 22 employees from one Bangladeshi University

Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and...
Read More
Intel holds 22 employees from one Bangladeshi University

VPN Surge 1500% in USA after TikTok Shut Down

vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues....
Read More
VPN Surge 1500% in USA after TikTok Shut Down

MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded...
Read More
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

The threats are completely empty, though, as no malware tools are used to encrypt or steal data. At worst, the group will instigate DDoS attacks to give the impression that a more serious attack is taking place, but the companies’ endpoints remain safe throughout.

The group is hoping to leech off of the recent successes of various ransomware groups, where big firms have incurred serious data leaks at their hands, with the aim of scaring other companies into blindly coughing up for fear of becoming the latest victim.

However, in the same email, they also said they were the Surtr group – known for the Ransomware as a service (RaaS) tool of the same name, whose developers may have once belonged to the REvil ransomware group that was taken down by law enforcement last year, but has since made a comeback.

In another email to another company, Midnight claimed they had stolen 600 gigabytes (GB) worth of data and again demanded a ransom. However, they sent the email to a senior partner who had left the company over six months ago.

Investigators at risk consultants Kroll found a marked increase in the number of emails companies were receiving purportedly from SRG.

“This method is cheap and easily conducted by low-skilled attackers… The scam relies on social engineering to extort victims by placing pressure on the victim to pay before a deadline,” they said.

They added that “We expect this trend to continue indefinitely due to its cost effectiveness and ability to continue to generate revenue for cybercriminals.”

Kroll investigators noted that such fake emails have been occurring since 2019, as have the DDoS attacks that ensue when companies refuse to pay a ransom.

Incidence response firm Arete added that Midnight seemed to be gong after companies that had already suffered a real ransomware attack, and that their ransom emails contained allusions to the real attacks to bolster their authenticity.

In some cases, Arete found that Midnight targeted undisclosed victims of real attacks, potentially indicating that the group is in collusion with genuine ransomware gangs. It is also possible that they ascertained this information from illicit forums where gangs discuss and post about their attacks and victims.

The advice to businesses is to carefully analyze for their veracity any phantom incident extortion (PIE) emails received, and to dismiss them if they appear anything less than the real thing, as, in that instance, they will more than likely be phishing attempts

Check Also

U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports

The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link …

Leave a Reply

Your email address will not be published. Required fields are marked *