REvil Ransomware Group Threatens to Launch DDoS Attacks, Call Journalists and Business Partners
Threat actors are now cold-calling victims if they restore from backups without paying
There seem to be no boundaries for ransomware innovation as cybercrime gangs, such as REvil Ransomware (aka Sodinokibi), are always looking for new ways to make crypto-locking malware even more profitable.
Some ransomware groups, including Sekhmet, Maze, Conti, and Ryuk, have reportedly turned to cold-calling victims to inform them that their systems have been hit by ransomware and to request a ransom to resolve the situation. As you can imagine, this is just the most recent in a long list of blackmail tactics, which includes not only using crypto-locking malware but, lately, also leaking sensitive data to increase the psychological pressure on victims to pay.
Just last week, a security researcher known as 3xp0rt discovered that REvil Ransomware had launched a service that contacts news media and companies at no cost to apply maximum pressure, and that offers DDoS (L3, L7) as a paid service.
The REvil ransomware operation is a ransomware-as-a-service (RaaS) in which the operators develop the malware and payment site, earning between 20-30% of the payment, while the affiliates who deploy the ransomware earn the remaining amount.
What Is a VoIP Security Risk?
To better understand the attack, we need to define the term. VoIP stands for “voice over internet protocol”. Basically, VoIP is a way to transmit voice messages over the Internet. Due to our dependency on computers, software programs, applications, and social media, we are increasingly vulnerable to this type of cyber threat.
This new tactic used by REvil was announced a month ago and includes a free service in which the threat actors, or affiliated partners, place voice-scrambled VoIP calls to the media and the victim’s business partners with information about the attack. The ransomware gang is probably assuming that warning businesses that their data may have been exposed in an attack on their partners will create further pressure for the victim to pay.
It is worth mentioning that, although this past year has seen a growing number of instances of ransomware operators using DDoS attacks against victims to intimidate them into paying, no instances of calls to the media or to victims’ business partners have been recorded to date.