Attackers extorting victims with fake ransomware claims

Cybersecurity company Avast has uncovered evidence of a cybercrime group attempting to extort victims by sending emails attempting to trick customers into thinking they have fallen victim to a ransomware or data extortion attack.

The new attack campaign intimates that a company has been a victim of a cyber breach, and asserts that the attackers have stolen a large trove of data including HR data such as employee records, and personal and medical data.

But in reality, the attackers are merely trying to scare victims into paying up. To give the threats greater weight, the emails often cite local regulatory laws covering data breaches, including those threatening large fines for serious or repeated privacy breaches.

Avast Cyber Security Expert Stephen Kho said recipients of the threats should not be fooled.

“To people receiving this email, this can initially appear as an extortion campaign launched by cybercriminals after a genuine data breach. However, all signs indicate that it is simply a scam to scare company decision-makers into paying money to avoid further consequences — such as having data sold on the black market and huge fines,” he said.

“Companies want to avoid data breaches and having their customers and clients learn their data has been stolen which we have seen happening with huge companies like Optus and Medibank and most recently, Latitude Financial. This tactic is similar to what some ransomware groups do to force victims into paying in exchange for not only getting their data back, but to avoid having their confidential information sold or made public.”

Kho said the emails are likely semi-automated attacks, and advised recipients to look for telltale signs such as typos in the message or claims the attack is associated with unknown ransomware groups.

Image credit: iStock.com/MicroStockHub