Tuesday , September 10 2024

These ransomware attacks are actually completely fake

A cybercriminal outfit is posing as well-known ransomware gangs in order to extort money from US companies.

Since March, the group, known as Midnight, has impersonated other gangs in emails sent to US companies, instructing them to pay up or have their data leaked.

Hacker to exploite GeoServer Vulnerability to Deploy Malware

Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has...
Read More
Hacker to exploite GeoServer Vulnerability to Deploy Malware

IMB unveils multiple vulnerabilities in it’s webMethods Integration

Multiple vulnerabilities have been published by IBM in its webMethods Integration Server which cloud allow attackers to execute arbitrary commands...
Read More
IMB unveils multiple vulnerabilities in it’s webMethods Integration

Progress LoadMaster exposed to a critical 10/10 vulnerability

Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which...
Read More
Progress LoadMaster exposed to a critical 10/10 vulnerability

Cisco released security updates for two critical security flaws

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
Cisco released security updates for two critical security flaws

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
OpenBAS: Cutting-edge breach and attack simulation platform

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
Critical Security Flaws Patched in Zyxel Networking Devices

CVE-2024-38811: CEV In VMware Fusion Unveiled

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
CVE-2024-38811: CEV In VMware Fusion Unveiled

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
How Malaysia’s Data Centre Industry Poised for Growth

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
RansomHub exfiltrated data over 210 victims: US alert

The threats are completely empty, though, as no malware tools are used to encrypt or steal data. At worst, the group will instigate DDoS attacks to give the impression that a more serious attack is taking place, but the companies’ endpoints remain safe throughout.

The group is hoping to leech off of the recent successes of various ransomware groups, where big firms have incurred serious data leaks at their hands, with the aim of scaring other companies into blindly coughing up for fear of becoming the latest victim.

However, in the same email, they also said they were the Surtr group – known for the Ransomware as a service (RaaS) tool of the same name, whose developers may have once belonged to the REvil ransomware group that was taken down by law enforcement last year, but has since made a comeback.

In another email to another company, Midnight claimed they had stolen 600 gigabytes (GB) worth of data and again demanded a ransom. However, they sent the email to a senior partner who had left the company over six months ago.

Investigators at risk consultants Kroll found a marked increase in the number of emails companies were receiving purportedly from SRG.

“This method is cheap and easily conducted by low-skilled attackers… The scam relies on social engineering to extort victims by placing pressure on the victim to pay before a deadline,” they said.

They added that “We expect this trend to continue indefinitely due to its cost effectiveness and ability to continue to generate revenue for cybercriminals.”

Kroll investigators noted that such fake emails have been occurring since 2019, as have the DDoS attacks that ensue when companies refuse to pay a ransom.

Incidence response firm Arete added that Midnight seemed to be gong after companies that had already suffered a real ransomware attack, and that their ransom emails contained allusions to the real attacks to bolster their authenticity.

In some cases, Arete found that Midnight targeted undisclosed victims of real attacks, potentially indicating that the group is in collusion with genuine ransomware gangs. It is also possible that they ascertained this information from illicit forums where gangs discuss and post about their attacks and victims.

The advice to businesses is to carefully analyze for their veracity any phantom incident extortion (PIE) emails received, and to dismiss them if they appear anything less than the real thing, as, in that instance, they will more than likely be phishing attempts

Check Also

Microsoft azure

Microsoft Confirms Outage Was Triggered By Cyberattack

Microsoft Azure suffered an outage on July 30 due to a cyberattack known as a …

Leave a Reply

Your email address will not be published. Required fields are marked *