As the threat of cyberattacks in the US continues to rise, fake ransomware extortionists attempt to ride along by sending empty threats to companies to earn profits. One group reported in connection with this issue is called ‘Midnight,’ with activities detected as recently as March 16.
Researchers said the Midnight group pretends to be different ransomware groups, threatening victims over the theft of their data. If the victims do not comply with the ransom demands, the group will strike them with DDoS attacks to apply pressure.
The Midnight group has been actively conducting fake extortion attacks in March.
Two ransomware groups that the Midnight group was seen impersonating were Surtr and Silent Ransom Group (SRG), with a massive fraudulent email campaign launched weeks before the last two weeks of March.
The victims of this group are companies in the US that have been previously targeted by other legitimate threat groups, a tactic that could effectively force the victim to pay the ransom demands. Researchers noted that Midnight could have chosen their victims through an initial attacker’s leak site, social media, news reports, and company disclosures.
Since 2019, security experts have been spotting similar extortion tactics across the cybercriminal landscape. Some researchers call these tactics ‘Phantom Incident Extortion (PIE),’ wherein the attackers utilise the history of a victim’s ransomware attack to demand payment as they impersonate the initial threat group that conducted the original attack.
Furthermore, PIE attacks are nothing but empty threats, although they could still pose a risk to victims, especially victims unaware that such fraudulent tactics exist and exploit their history of being attacked to extort them again.
Companies, with or without a history of ransomware attacks, must be wary of how phantom incident extortion works. Closely assessing emails from suspicious senders is recommended, and once they are learnt to be empty threats, experts advise dismissing them and blocking the senders of the emails.