Cryptocurrency ransomware attacks have become quite common within the industry, but these bad actors seem to be pushing these crimes to the next level as ransomware gangs are now harassing and threatening their victims, which are mainly private companies, according to a warning issued by the U.S. Federal Bureau of Investigation (FBI).
A private industry notification or PIN alert, which is regularly sent by the bureau to U.S. companies to inform them about the latest updates in the cybersecurity sphere, shared by Zdnet, states that the FBI has been aware of incidents since February 2020, where the notorious Doppelpaymer group has cold-called companies threatening and demanding them to pay a crypto ransom.
The intimidations often escalate to rude language and include threats to send people to the victims’ homes if they don’t pay the ransom in the attack deployed by the gang. The FBI detailed the Doppelpaymer as a group of threat actors that often demand between six and seven-figure ransoms in bitcoin from their victims.
In case victims fail to pay the Crypto ransom, the group exfiltrates parts of the stolen data and make “follow-on telephone calls to victims to further pressure them to make ransom payments.”
According to Zdnet, these tactics have been previously implemented by no defunct ransomware groups like Sekhmet and Maze. These groups tend to target the healthcare sectors, emergency, and education across the globe, and have been increasing activity since June 2019, said the Bureau.
A part of the alert, recalled an incident related to Doppelpaymer and its cold-calling tactics to harass victims:
“In one case, an actor, using a spoofed US-based telephone number while claiming to be located in North Korea, threatened to leak or sell data from an identified business if the business did not pay the ransom. During subsequent telephone calls to the same business, the actor threatened to send an individual to the home of an employee and provided the employee’s home address. The actor also called several of the employee’s relatives.”
December itself saw the Doppelpaymer group attack Foxconn, a Taiwanese electronics giant, and ask for a whopping 1,804 BTC ransom.
A growing threat
According to Brett Callow, threat analyst at malware lab Emsisoft, these attacks “continues to become increasingly problematic.” In its Q3 report about these attacks, Emsisoft noted:
“Ransomware remained a persistent threat in Q3 2020. Threat actors continued to favor post-compromise deployment, often spending significant time preparing the target environment and exfiltrating data before delivering the ransomware payload. We also saw more ransomware groups seek to weaponize stolen data, with threat actors such as Avaddon, Conti, Darkside, Suncrypt and Lockbit, among others, launching new data leak sites this quarter.”