Hackers now post ransom notes publicly to urge victims to cooperate

June 8, 2022

Ransomware gangs may be upgrading their extortion tactics: they have started hacking corporate websites to post their ransom notes for the public to see, adding more pressure on their victims to pay up.

Industrial Spy, a ransomware threat group, is the first to have been identified using this new extortion tactic. The group started out as a data extortion marketplace and recently shifted its operations to ransomware.

Industrial Spy's recent activity involves selling the stolen data of SATT Sud-Est, a French firm, on its dark web marketplace for $500,000. However, security researchers noticed that the group had also hacked the firm's website to post a ransom message, warning that it would expose the victim's 200GB of company data if the firm failed to cooperate.

This could be the first time a threat group has threatened a victim through a publicly posted ransom note, in contrast to the typical ransom requests, which ransomware gangs make privately to their victims.

In the usual case, ransomware gangs give their victims a window of time to negotiate and pay the ransom request, and eventually leak the data if the victims refuse. Moreover, the entire negotiation is kept confidential, and the fact that the victim is under attack is usually not disclosed to the public.

Ransomware groups also use several other methods to pressure their victims to pay up, including DDoS attacks on corporate websites and blackmail.

Security researchers consider this new tactic of posting ransom notes on victims' websites to be effective. The more easily a victim's clients and partners can see its cybersecurity predicament, the more likely the victim is to cooperate with the hackers and pay the ransom request.

There are still factors that could cause this new tactic to fail or keep it from being adopted widely, including the fact that most web servers are hosted by hosting providers rather than on the corporate network. As a result, the hackers would have to search a website for a vulnerability to exploit, or gain unauthorised access via stolen credentials, to be able to publish their ransom notes.

As of now, SATT Sud-Est has yet to share a statement about the attack incident. The French firm’s website is also currently down.
