Everyday workers are now being pitched to turn against their employers and join ransomware attacks.
Researchers with security vendor GroupSense report that, as an addendum to their normal ransomware notifications, malware operators are now pitching victims on the prospect of infecting additional machines on their company network.
The offer comes as part of the notification pop-up that the standard ransomware infection — in this case a variation of the DoNex malware — would otherwise provide. While users would originally be served with a notification of infection and a ransom demand with payment instructions and links, there is now an additional offer asking the user to do the criminals’ dirty work.
“Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company,” the message reads.
“You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company.”
Kurtis Minder, CEO and co-founder of GroupSense, told SC Media that while the attack is nothing new, such brazen attempts to recruit employees into the ransomware scam are a new frontier for cybercrooks.
If trying to drag end users into the data theft conspiracy wasn’t enough, it also appears that the attackers are misrepresenting their own criminal credentials. Minder noted that the ransomware notice advertises itself as being from the LockBit group.
DoNex is a far less notable ransomware operation than LockBit, suggesting that the cybercriminals are trying for the cybercrime version of “stolen valor” in their sales pitch to end users.
Though the promise of generational wealth may be tempting, the best advice for users and administrators is to immediately notify management in the event of any potential ransomware infection.
While doing an “Office Space” and turning on your employer to cash out with a fortune might seem like an enticing proposition, we would point out that employees would be dealing with ransomware operators.
It goes without saying that criminals are by nature not the most trustworthy of business partners, and those promises of “millions” in payouts are, to say the least, unlikely to ever materialize.
Committing corporate espionage for what will likely turn out to be a pair of gift cards is not a good idea.