Phantom extortion: Ransomware impersonation is nothing new. In 2019, organizations across the US reportedly received emails deploying the same fake breach modus operandi as the recent letter writers ‘pay up now because we have your data’. In truth, such campaigns are probably commonplace but are dismissed as obvious ruses and rarely reported on.However, by 2023 the tactic had evolved into something more sophisticated with a separate campaign backing up its bogus threats by attaching snippets of genuine data culled from dark web trawls. This raises a disturbing possibility: the organization has been breached but the group threatening them is not one who carried out the attack.Underlying all this is how organizations should defend themselves in practical ways against yet another fraud tactic.”Attacks like this are unlikely to succeed in the majority of cases, but the perpetrators only have to have a small number of victims fall for it for it to be a big pay day for them,” cybersecurity expert Graham Cluley said via email.
Developing defenses: The first line of defense against this type of attack is simply to develop a process to deal with it, he said. Incidents like this should be reported internally to increase awareness of the scammers’ techniques. At the same time, every ransom threat should be reported to the IT team as well as to the security companies supporting the organization.Attackers would typically include evidence that data has been exfiltrated in the form of genuine data. However, organizations need to be careful they aren’t being tricked:”These protocols include verifying the authenticity of any ransom demands. It is important to establish whether that data could have been stolen in an earlier data breach or may have been collected from a different third-party source,” said Cluley.Cluley also stressed the need for organizations to have a response plan that could assess the possibility of a breach itself while engaging with law enforcement.”There should be named members of staff in your plan who coordinate communications with any potential extortionist, who ensures that all relevant departments are involved in any important decisions. Make sure that you engage with law enforcement. If you have received a fake ransom snail-mail, chances are that other businesses have as well,” said Cluley.Ransom demands are always designed for their shock value, agreed John Shier, Field CISO at security vendor Sophos. Sending a demand by letter was unusual but that might be the point.”Teams need to bring awareness of this latest scam to their leadership. If an organization receives a letter, they shouldn’t panic, but they still need to investigate if there is any basis to the claim,” he said.”At the very least, companies should review network logs for any unauthorized access and large data transfers that don’t conform to normal patterns. While it appears that the letters are fake, some due basic diligence needs to be performed to rule out a data breach,” he said.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3839190/ransomware-goes-postal-us-healthcare-firms-receive-fake-extortion-letters.html
