AhnLab cybersecurity researchers: The malware is downloaded and executed from a WSF file within a compressed file, delivered via URL in phishing emails.
ZDNet: A unique call center is working for ransomware groups to increase pressure on malware victims
A unique call center is working for ransomware groups to increase pressure on victims. This has been confirmed to ZDNet by different cybersecurity experts. The call center is activated if the cybercrime gangs behind the malware suspect that a hacked company might try to restore from backups and avoid paying ransom demands. “We’ve seen this trend since at least August-September,” Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, explained. “We think it’s the same outsourced call center group that is working for all the (ransomware gangs) as the templates and scripts are basically the same across the variants,” Bill Siegel, CEO and co-founder of cyber-security firm Coveware, adds. According to a recorded call made on behalf of the Maze ransomware gang, the callers had a heavy accent, suggesting they were not native English speakers.
Cybersecurity experts: The use of phone calls is another escalation in the tactics used by cybercriminals on ransomware victims
According to the cybersecurity experts, the use of phone calls is another escalation in the tactics used by ransomware gangs to put pressure on victims to pay ransom demands after they’ve encrypted corporate networks. Previous ones included the use of ransom demands that double in value if victims don’t pay during an allotted time, threats to notify journalists about the victim company’s breach, or to leak sensitive documents on so-called “leak sites” if companies don’t pay. However, while this is the first time ransomware gangs have called victims to harass them into paying, this isn’t the first time that ransomware gangs have called victims. In April 2017, the UK’s Action Fraud group warned schools and universities that ransomware gangs were calling their offices, pretending to be government workers, and trying to trick school employees into opening malicious files that led to ransomware infections.