It seems like the days of short and clear threat messages are slowly becoming old-fashioned, as ransomware gangs are becoming increasingly more aggressive with their scare tactics. Recently, an increasing number of victims have received constant emails and even phone calls from attackers.
What’s more, it also appears that the attackers no longer care who they threaten and don’t hesitate to contact any person whose information they’ve stolen. Such was the case with the Allen School District near Dallas, where attackers stole sensitive information about children, parents, and contact information.
One parent told NBC News that he had received three emails from attackers who were able to access his contact information after breaching his son’s school.
This trend shows that attackers will look to contact and scare anyone they can, regardless of their connection with the organization they’ve breached. This can prove to be effective as it can add even more pressure for the organization to act and potentially pay the ransom.
That is exactly what happened in this case, as concerned parents started asking questions about what was happening. Allen School District failed to notify them that their information became accessible to threat actors, adding even more fuel to the fire.
“They told us nothing,” said the parent. “That’s the upsetting part, is that they could have told us from the start, ‘We were hacked, lock your data down.’ They didn’t do that.” As compensation, the school district offered free credit monitoring services.
For regular people, receiving an email or call from a foreign hacker can be an unsettling experience and may cause panic, which is precisely what the attackers are trying to achieve.
No matter what their position is, organization employees have received such messages in the past. This past July, a UK worker received a voicemail after his organization had been hacked and managed to record it: Suncrypt Ransomware leaves victim a message.
As you can hear from the audio, the language used by the attacker is very specific for the organization that they’re targeting. If it was a US-based company, they might’ve mentioned that they have your social security number and other sensitive information to cause panic to their victims.
Attackers also analyze the data they’ve stolen to identify potential flaws within the company that may incriminate them so that they can use that information to scare the victim when requesting a ransom.
References
https://www.nbcnews.com/tech/security/ransomware-hackers-new-tactic-calling-directly-rcna6466
