Heimdal

The Industrial Spy ransomware gang has devised a new extortion strategy: it compromises corporate websites in order to publicly display ransom notifications.

The new technique is being employed by Industrial Spy, a data extortion organization that recently started using ransomware as part of its attacks.

In their attacks, the cybercrime group will hack into networks, steal information, and use ransomware to encrypt devices.

Example Industrial Spy ransom note

Yesterday, Industrial Spy started selling stolen information they say belongs to a French organization named SATT Sud-Est for $500,000.

According to MalwareHunterTeam, this cyberattack is notable because the hackers also breached the organization’s website to display a note stating that 200GB had been stolen and would soon be available for sale unless the victim paid a ransom.

We already know that when such cybercrime groups extort money from their victims, they usually give them a limited amount of time (a couple of weeks) to negotiate and pay the requested ransom before making the stolen information public.

When the cybercriminals negotiate with the victims, they assure them that the ransomware attack will be kept a secret, that they will receive a decryption key, and all the stolen data will be deleted once they have received their money.

Following the negotiation process, the attackers will use different tactics to put even more pressure on the victims. They will:

  • launch DDoS attacks on corporate websites,
  • send emails to clients and business partners,
  • call executives to threaten them.

All of these strategies are carried out in secret or with minimal public exposure on their data leak websites, which are typically only visited by cybersecurity experts and the media.

Nevertheless, for the first time, a ransomware organization has been seen defacing a website in order to publicly display a ransom message.

While this strategy is unusual, it allows the ransomware group to put even more pressure on a victim by bringing the attack into the open, where customers and business partners can see it.

It’s hard to believe that this novel strategy will catch on, because web servers are usually hosted with hosting companies rather than on corporate networks. Cybercriminals would therefore have to exploit a weakness in the website itself, or obtain access to its credentials when they steal information from internal networks.

Author Profile

Antonia Din

PR & Video Content Manager
