Beware: Cold calling contact centres offer extortion as a service

The use of outsourced call centres to extort money via ransomware is a sinister ramping up of cyber crime activities − the latest refinement, so to speak, of a nasty trade.

If necessity is the mother of invention, then cyber criminals are emerging as the most ingenious public enemy, as they constantly strive for better ways to extort money.

They are said to have even developed a set of best practices as part of their modus operandi. While it may seem ludicrous to discuss best practices for criminal activities, it is a fact that the level of sophistication and organisation of ransomware attacks has reached new heights.

Criminal gangs are constantly seeking new ways to make crypto-locking malware ever more profitable. Best practice principles appear to be based on the hit success rate. Even more extraordinarily, ransomware gangs are said to be practising customer relationship management.

The latest trend being reported is that of gangs operating from call centres and cold calling victims to inform them their systems have been hit by ransomware and that demands must be met if they wish to resolve the situation. This is said to be the newest shakedown tactic aimed at putting psychological pressure on victims to induce them to pay quickly.

Industry specialists testify that the number of ransomware attacks and the amount of ransom payments continue to soar. In part, they say, this is due to so-called human-operated ransomware, referring to gangs that don't just rely on malware and opportunistic infections, but which instead bring advanced network penetration and other skills to bear.

ZDNet reports that utilising phone calls is another escalation in the tactics used by ransomware gangs, pressing victims to pay ransom demands after they've encrypted corporate networks.

This report goes on to state that previous tactics included the use of ransom demands that double in value if victims don't pay during an allotted time, threats to notify journalists about the victim company's breach, or threats to leak sensitive documents on so-called "leak sites" if payment is not forthcoming.

Apparently, while this is increasing in popularity with cyber criminal gangs, it’s not entirely new.

One example dates from 2017, when the UK's Action Fraud group warned schools and universities that ransomware gangs were calling their offices, pretending to be government workers and trying to trick school employees into opening malicious files that lead to ransomware infections.

These cyber criminal gangs are now operating in an organised, cohesive manner, going straight to the hacked company’s customers if they suspect the business will not pay and will instead attempt to restore information from backups. They do this systematically, making phone calls that draw on the information they have stolen from the company.

Therefore, while the calling of victims is not necessarily a new development, the use of outsourced call centres is a sinister ramping up of these activities − the latest refinement, so to speak, of a nasty trade.

To pay or not to pay – that is the question

In 2019, Forrester reported that the US Conference of Mayors had adopted a resolution against paying ransoms. The article goes on to state that this essentially creates a vertical front of communities against ransomware that may well disincentivise attackers from targeting US towns and cities – an action supported by the research group.

However, it adds that this resolution is a dismissal of culpability that should possibly have been more angled toward investment in cyber security measures to prevent attacks, instead of advertising that they would rather fall on the sword than pay the piper.

This is an interesting take on a hotly debated topic. It is a pragmatic perspective that notes that ransomware victims might consider prioritising their self-interest and possibly think about paying if they can establish that the threat-actor (very respectable term for a criminal) will credibly provide decryption keys and that recovery will be discernibly less costly in doing so.

Of course, in a multi-opinionated social media world that argument will have many counter-arguers – as that approach may also feed a growing market. The latter is in many ways a moot point – ransomware is already a hugely established market. Adding the cold chill down people’s spines on receipt of such phone calls may serve to drive it to even greater heights.

Cybercrime Magazine estimates one ransomware attack will occur every 11 seconds this year. This is a sobering prediction but confirms that ransomware is here to stay and is only going to get worse and worse, or better and better, depending on one’s perspective.

The only solution to this major business problem must be one that aims to neutralise attacks, but without the complexity of siloed cyber security and data protection strategies. What is needed is a proactive, multi-layered data and ransomware approach that helps companies reach IT resiliency faster.

Protecting infrastructure from security threats, data loss and downtime is difficult enough, however. Juggling multiple strategies, processes, vendors, SLAs and support teams only adds complexity that can leave organisations open to security gaps and data erosion.

Businesses need to look at security in a holistic fashion that brings in all of the elements necessary for the prevention of attacks, with backup and disaster recovery as the ultimate goal. Look at the package and not the single issue of a breach.

By Byron Horn-Botha
Lead: Arcserve Southern Africa channel and partnerships.
