Cybercrime group asking insiders for help in planting Ransomware
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.
"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom," Abnormal Security said in a report published Thursday.
"The employee is told they can launch the ransomware physically or remotely. The sender provided two methods to contact them if the employee is interested-an Outlook email account and a Telegram username."
Black Kingdom, also known as DemonWare and DEMON, attracted attention early March this year when threat attackers were found. Exploiting a flaw in ProxyLogon Affects Microsoft Exchange Server and infects unpatched systems with ransomware strains.
Abnormal Security, which detected and blocked phishing emails on August 12, created a fictitious persona to respond to solicitation attempts and contacted Telegram messenger actors, but the executable file of the attack containing two links. I spilled it carelessly. If the “employee” is an executable ransomware payload that can be downloaded from WeTransfer or Mega.nz.
“The actor also instructed us to destroy the .EXE file and remove it from the Recycle Bin. Based on the actor’s response, he 1) expects employees to have physical access to the server, 2 It’s clear that this is not the case. We are familiar with digital forensics and incident response investigations. “
It’s also worth noting how using LinkedIn to collect email addresses for senior management companies. It reiterates how business email breach (BEC) attacks originating from Nigeria continue to evolve, exposing companies to advanced attacks such as ransomware.
INTERVIEWS
TOP VIDEOS
SECURITY
SOFTWARE
Blackstone portfolio company R Systems takes over Velotio
R Systems announced that it has signed definitive agreements to acquire Velotio, an India-...
NEC India, GLA University and Edulateral Foundation collaborate to enable learning for students in AI and Analytics
NEC Corporation India (NEC India), a wholly owned subsidiary of NEC Corporation, GLA Unive...
Tech Mahindra to help Bank of Baroda to enhance Customer Experience
Tech Mahindra announced its partnership with Bank of Baroda, to deploy digital solutions t...
START - UP
PERIPHERALS
INDUSTRY EVENTS
Kingston showcases New Non-Binary DDR5 Memory and XS1000 External SSD in COMPUTEX 2023
Kingston Technology has announced it will make a grand return to COMPUTEX Taipei event aft...
Genesys creating an exceptional Customer Experience leveraging the skillful orchestration of Employee Experience
To recognise its strategic partners advancing the industry, Genesys, organised the APAC Pa...
TDC Captures the Beauty of our Natural World at Vivid Sydney 2023
Sydney, Australia, May 2023 – It would be easy for a company like TDC – T...
MediaTek organizes its 12th Chapter of Technology Diaries
MediaTek has hosted its 12th Chapter of Technology Diaries themed ‘The Vision to Go...
E- COMMERCE
