[BreachExchange] A Ransomware Gang Is Asking Victims’ Customers To Aid In Extortion Efforts

[Destry Winant]

https://www.forbes.com/sites/leemathews/2021/03/28/a-ransomware-gang-is-asking-victims-customers-to-aid-in-extortion-efforts/?sh=2060a5002002

When ransomware first began infecting computers nearly two decades
ago, the mere threat of permanently locking away a victim’s files was
enough to coerce them into paying. Today’s cybercriminals are applying
leverage from all angles to convince their victims to pay. They may
even ask you to help.

It’s an unexpected new tactic being employed by the Clop ransomware
crew. This sophisticated group has been linked to a number of
high-profile hacks including the recent attacks that compromised
Accellion File Transfer appliances belonging to the likes of Jones Day
and Royal Dutch Shell.

Like most of its criminal competition, Clop steals data from its
victims and uses that data to apply pressure. Pay up or we’ll start
leaking your sensitive information, they threaten.

Asking Customers To Do Their Dirty Work

More recently the group started approaching victims’ C-level
executives directly. Now Clop actors are turning to the public, too.

As reported by Bleeping Computer, Clop has claimed a breach involving
a major maternity clothing retailer. The hackers used the data stolen
in the attack to contact customers and urge them to make the company
pay.

Making The Company Look Like The Bad Guy

Emails sent to the store’s customers look a bit like a breach
notification. They are, in a way, but they don’t provide some critical
information.

The note mentions that the recipient’s personal data was stolen and
that it will soon be leaked on a Dark Web site. “Call or write this
store and ask to protect your privacy!” the note urges.

Cybersecurity Vendor Failures

What the email conveniently fails to mention is that it’s the hackers
responsible (or a group working closely with them) who sent the
message.

It also fails to mention that the “privacy protection” they’re urging
people to seek is a ransom payment from a hacking victim. If the
ransom is received, the hackers won’t do anything nasty with the
stolen data.

Don’t Be An Accessory

Time and time again law enforcement officials and cybersecurity
experts have warned against paying these ransoms. There is simply no
way to be certain the hackers will make good on their promises.

There’s also plenty evidence that ransomware gangs will launch future
attacks against victims who have shown a willingness to pay. Add to
that the possibility that the stolen data may very well have been sold
to or shared with other criminal groups, and there’s just no
compelling reason to cave in to their demands.

If you’re unlucky enough to receive an email like this urging you to
act, take a beat. Ask yourself: do you really want to be an accessory
to a cyber extortion?