Some Ransomware Gangs Are Going After Top Execs To Pressure Companies Into Paying (zdnet.com)
A new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to obtain "juicy" information that they can later use to pressure and extort a company's top brass into approving large ransom payouts. From a report: ZDNet first learned of this new tactic last week during a phone call with a company that paid a multi-million dollar ransom to the Clop ransomware gang. Similar calls with other Clop victims and email interviews with cybersecurity firms later confirmed that this wasn't just a one-time fluke, but instead a technique that the Clop gang had fine-tuned across the past few months.
The technique is an evolution of what we've been seeing from ransomware gangs lately. For the past two years, ransomware gangs have evolved from targeting home consumers in random attacks to going after large corporations in very targeted intrusions. These groups breach corporate networks, steal sensitive files they can get their hands on, encrypt files, and then leave ransom notes on the trashed computers. In some cases, the ransom note informs companies that they have to pay a ransom demand to receive a decryption key. In case data was stolen, some ransom notes also inform victims that if they don't pay the ransom fee, the stolen data will be published online on so-called "leak sites."
Re: (Score:2)
I nominate Jack Dorsey and Jeff Bezos for the beta test.
Re: (Score:2)
Why, what are they going to do? Post pictures of Bezos and his paramour again? Who cares. Now Parler's metadata, that would be valuable. And a story was just posted to Slashdot about someone who scraped their site and has all their metadata primed for use by the FBI. And to think he's not even squeezing the little weenies on Parler to stop him, what nerve.
Wow not sure (Score:2)
If you are connected to the internet (Score:2)
Re: (Score:2)
Some OS seem more open to compromise and hacking than others.
Only seen Linux machines taken that were running ancient php and skanky libraries. My own BSD and Linux servers never owned, been pretty good about keeping up with patching.
Re: (Score:2)
It would be pointless for a bad guy to look for applications that a few people use, then try to privilege-escalate from the application to the system, when by the time they are enumerating applications they already know you have a system-level hole. It would just be a big waste of time. If you are vulnerable at the system level, I'm not going to walk right past an easy system ownage to go look up each of your applications. I'm just gonna walk through the first and most valuable door I find open - the syst
Re: (Score:2)
> It is rare nowadays for the OS to have any real direct exposure for attack
Check the news on patch Tuesday. Any patch Tuesday.
Schneier does an article late in the day each month covering the different ways to exploit Windows that month.
Just FYI and fair warning - you really don't want to try to argue this with me.
If you think you want to look smart, the way to avoid ending up looking like a complete moron is quit now, before you end up looking like a total moron.
Re: (Score:3)
I don't need to "get out more", I admin hundreds of systems in a place with over a billion dollars in revenue. I patch and harden. You need to get out more if you think Windows OS security vulnerabilities outside of apps aren't a problem, the list of them is a mile long.
Re: (Score:2)
Depends on how big of a target you have on your back.
If you are a big target you should be really suspicious if you aren't finding compromises and cleaning them up before they do real damage.
Re: (Score:2)
My employer is a massive target, but load balancers with WAF block all manner of attempts, tens of thousands per day. Only issues of actual compromise were ancient "billboard" systems not behind that. Finding compromises in patched and web app firewalled system? Doesn't seem to be common.
Re: (Score:3)
Two weeks ago I would have been able to say that in two decades of running Windows servers that I've never had one pwnd, but then our test box got hit with Solar Winds' issues so that's out the window now.
Patching is key (Score:3)
> My own BSD and Linux servers never owned, been pretty good about keeping up with patching.
Those security updates make a big difference.
When security updates are released, such as on patch Tuesday, that announcement is read totally differently by two different groups of people:
You read it as updates you need to install to be safe
Thousands of script kiddies read it as "here's how to hack the systems this week".
I don't get it (Score:2)
Here's a better idea (Score:3)
I've got a better idea.
1. Get access to the devices of a company's CxO suite.
2. Lock them all, leave them locked for a month or 2.
3. Demand Payment or you will unlock their devices. Company looks at all the productivity gains the last 2 months and pays up.
4. Profit!!!
Multi-million ransom for exactly what? (Score:2)
Ok. So the Clop gang must have gotten some really juicy information on the CEO. Why hasn't the board of directors started asking questions, like "WTF did you do that you haven't told us about"? and "How frequently will we have to pay to cover up what you did?"
Re: (Score:2)
Who said the board has to know if the exec pays out of pocket - and by pocket, I mean something more like a Scrooge McDuck money pool.
They don't understand the USA (Score:2)
You mess with the rich, who have plenty of cash to bribe* politicians with, then serious Federal resources may be devoted to hunting you down. It's in your interest to stick to targeting ordinary grunts of my financial caliber, who can't do shit.
* Legally, thanks to GOP-sponsored Citizens United ruling.
Re: (Score:1)
> You mess with the rich, who have plenty of cash to bribe* politicians with, then serious Federal resources may be devoted to hunting you down. It's in your interest to stick to targeting ordinary grunts of my financial caliber, who can't do shit.
> * Legally, thanks to GOP-sponsored Citizens United ruling.
It's safe to assume that the vast majority of these groups are located internationally. Likely in nations with no interest in working with US authorities.
Re: (Score:1)
I don't see that as a barrier, if given resources. The CIA etc. can go around them if such gov'ts don't cooperate.
Re: (Score:2)
> Likely in nations with no interest in working with US authorities.
Dollars can buy local muscle.
Re: (Score:2)
Re: (Score:2)
More deadly, they have money for good lawyers and private security investigations. Stop inventing graft with no evidence. . . .errr. . . .you don't work for the alleged president, do you?
Maybe now... (Score:1)
Maybe now we will see some prioritization on security over new-and-stupid features! But probably not...
Leak sites (Score:2)
I crashed the hard drive on my PC a while back. I lost a lot of good porn. I wonder if one of these sites has a copy which I might use to recover it.
That's normal (Score:2)
The higher up, the bigger the tech-ignorance.