Sunday, February 21, 22:58

Ransomware teams target top company executives for ransom!

Ransomware groups now give priority to theft of data from workstations used by top executives and company managers. Their goal is to steal important information, which they can later use to pressure and blackmail a company's top executives into paying high ransoms.

ZDNet reported this new tactic last week after a phone call with a company that paid a multimillion-dollar ransom to the Clop ransomware gang. Similar calls with other Clop victims and e-mail interviews with cybersecurity companies later confirmed that this is a technique the Clop gang has perfected in recent months.

In the last two years, ransomware groups have evolved, now targeting high-profile companies rather than high-end consumers. Hackers breach corporate networks, steal sensitive files, which are then encrypted, and leave ransom notes on the compromised computers.

In some cases, a ransom note informs companies that they must pay a ransom to obtain a decryption key. In the event of data theft, some ransom notes also inform victims that if they do not pay the required ransom, the stolen data will be published on data leak sites.

The ransomware teams hope that companies will do everything they can to avoid disclosing their confidential and sensitive data, which, in the event of exposure, will be accessible to competitors. Therefore, they will be more willing to pay the required ransom, rather than attempting to recover from backups.

There are also cases in which ransomware groups have told companies that publishing their data would also amount to a data breach, which would probably lead to a fine being imposed on the victim by the authorities, while also tarnishing its reputation. This is clearly something that companies also want to avoid.

However, ransomware groups do not always manage to steal data or sensitive information in their attacks. This reduces their ability to negotiate and pressure victims. That's why, in recent attacks, a team that has frequently used the Clop ransomware strain has been specifically looking for workstations within a compromised company that are used by its top executives.

In particular, the hackers search a manager's files and emails and steal data that they believe may be useful to threaten or pressure the company's management, the same people who would probably be responsible for approving the ransom request days later.

Stefan Tanase, a cybersecurity expert at CSIS Group, told ZDNet the following: "This is a new modus operandi of ransomware gangs, but I can say that I'm not surprised. Ransomware groups usually target the 'gems' of a business. They are usually file servers or databases when it comes to deleting data for the purpose of leaking them. It makes sense for top executives to follow, if that's going to have an even bigger impact."

In addition, Brett Callow, a threat analyst at cybersecurity company Emsisoft, told ZDNet that so far they have only seen such tactics in Clop ransomware-related incidents. Callow added that in the last two years, the tactics used by ransomware groups have become more and more extreme, as they now use every possible method to pressure their victims. Tactics used include harassment and threats through phone calls to executives, customers and business associates, Facebook, approaches to the press, and threats to reveal companies' "dirty money".

Evgueni Erchov, director of incident and cyber threat response at Arete IR, also said that one of the affiliates of the REvil/Sodinokibi ransomware has already adopted this technique from the Clop gang. In particular, the affiliate managed to find documents concerning the victims' internal discussions. It then used this information to contact the executives via email, threatening to publish data about the alleged "misdemeanor" of the management.


Bill Siegel, CEO and co-founder of the security company Coveware, pointed out that in many cases the data used in extortion aimed at a company's management does not correspond to reality. He added that no case has been reported where the stolen data showed real evidence of corporate or personal misconduct. For the most part, it is just a scare tactic that hackers use to increase their chances of being paid a ransom. Finally, Siegel stressed that these are criminal extortionists, who will say many "fantastic" things if doing so will bring them money.

This is information collected by ZDNet, with the help of the security company S2W Lab.

