From August this year, a new trend is being witnessed among those spreading ransomware like Maze, Conti, RYUK and Sekhmet.
A research launched by Cyber Threat Intelligence firm Arete Incident Response says that those spreading the file encrypting malware from the said gangs are seen cold calling victims and pressurizing them to pay a ransom, if in case, the victims intends to restore the files through backups.
A similar trend was also witnessed by Cybersecurity firm Coverware last month and Bill Siegel the CEO stated that cold calling might have been given to an outsourced call center operating either in India or Philippines as most of the conversation takes places as per a scripted template.
Emsisoft stated that it has recorded a conversation of this sort in Sept this year where the hackers are seen pressuring the victim to discuss the issue with them instead of approaching a 3rd party firm like SentinelOne to recover the data.
What interests in this ransomware saga is that the demanded ransom gets increased by 10% as the hacker had to seek the services of a remote call center and run the entire operation in discrete. And if the victim fails to contact them within a 48 hours time after receiving the call, then the ransom gets doubled and a portion of the stolen data gets leaked onto dark web and might also go for sale.
Note- In April 2017, Britainās Action Fraud Group warned schools and universities about the ransomware spreading gangs that were offices in disguise of government officials and forcing them to open malicious files sent to their official PCs in the network. However, the cyber arm of GCHQ could not track down these hackers as the calls were being made through internet.
