Cybercriminals are asking employees to install ransomware on their company’s network in exchange for a portion of the profits. The article details security researcher Crane Hassold’s experience engaging with a scammer offering 40% of the multi-million dollar ransom. The actor disclosed to Hassold that he originally tried phishing senior executives unsuccessfully, which is why he’s reaching out to insiders and asking to partner. Hassold was asked to install the Demonware ransomware strain, which is freely available on GitHub.
Ransomware typically requires more sophistication to deploy. The actor used techniques commonly associated with business email compromise to engage the user and manipulate them into acting on the actor’s behalf. It’s similar to other scams involving wire transfers, but the payload is ransomware.
Approaching employees directly is not new; however, there are growing concerns about disgruntled employees creating identities on the darknet and offering to launch insider attacks for a fee. The article cites the LockBit 2.0 ransomware-as-a-service gang, which included a solicitation for insiders in the desktop wallpaper left behind on systems encrypted with the malware.
Article: Wanted: Disgruntled Employees to Deploy Ransomware
Author: Brian Krebs
Published: August 19, 2021
Link: https://krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/
This is not at all surprising. Disgruntled employees can be a huge pain point for organizations. However, if employees are willing to do this level of damage to a company, then you have to consider the company and how they treat their employees. True, it only takes one bad apple, but if the “disgruntled-ness” is more than an anomaly, what does that say about the company? I’m a firm believer in root cause analysis and this behavior comes from somewhere.