Ransomware actors have found a new way to make victims pay

Deploying ransomware is one thing, but making the victim pay is quite another. Today, a newcomer to the ransomware game uses a unique new strategy to force its victims to give in to demands.

As spotted by BleepingComputer, a data extortion gang called Industrial Spy, which recently added ransomware to its arsenal, has started defacing the websites of targeted companies to force them to pay the ransom.

MalwareHunterTeam researchers discovered that the group recently broke into the network of a French company called SATT Sud-Est and encrypted everything it found on the company's endpoints. Industrial Spy demanded €500,000 in exchange for the decryption key.

Extra pressure

In addition to the usual methods of persuasion, the group also broke into the company's website (which is almost never hosted on the same server as the company's data) and defaced the home page, leaving the following message:

"Your company data has been compromised. More than 200 GB of data will be released soon. Contact us to avoid reputational risk."

The site has since been removed, but the message is still visible on Google's search engine results page.

Since accessing the website requires additional effort (as well as additional malware, most likely), this method is highly unlikely to become a trend in its own right. However, you never know.

Cybercriminal techniques have evolved considerably over the years. In the early days of ransomware, hackers would simply lock files and demand money in exchange for the decryption key. As companies began to keep backups up-to-date, scammers began stealing data and threatening to post it online. When even that showed unsatisfactory results, they resorted to DDoS attacks and threatening phone calls.

This is just another in a long list of methods, and sooner or later there will surely be new ones.

Via BleepingComputer