Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims’ customers, and asking them to demand a ransom is paid to protect their own privacy.

At the end of March, Bleeping Computer reported that the Clop ransomware gang had not stopped at threatening hacked companies and contacting journalists, but had taken the additional step of direct emailing victims’ customers whose details had been found in stolen data.

AWS Builder Community Hub

Organisations whose customers and commercial partners have been contacted include a hacked bank, a manufacturer of business jets, an online maternity clothing store.

Separately, security blogger Brian Krebs reports that a chain of gas convenience stores and a university in the United States have been similarly singled out for such unwanted attention following a ransomware attack.

It appears that similar emails have been sent, encouraging recipients to apply pressure on the organisation that is being extorted to pay up – or personal data will be published.

A typical email reads as follows:

Good day! If you received this letter, you are a customer, buyer, partner or employee of <victim organisation>. The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data. We inform you that information about you will be published on the darknet ( <link> ) if the company does not contact us. Call or write to this store and ask to protect your privacy!!!!

This is just the latest example of how ransomware gangs have raised the pressure on their victims. Initially, ransomware attacks simply locked companies out of their data until a ransom was paid. Then, cybercriminals exfiltrated sensitive data and threatened to release it if their demands were not met. Some ransomware gangs even created websites to publicise (Read more...)