Ransomware gangs have a pretty easy time of it already. They hack into a company server, encrypt all their data, demand payment, and wait. But what if the victim drags their feet on paying the ransom? The gangs have a new tactic to add even more pressure to the situation in an attempt to force payment quickly.
As KrebsOnSecurity reports, some of these gangs have realized they can email the customers and partners of the companies they are holding to ransom. One of these emails was sent to Krebs by a customer of Atlanta company RaceTrac Petroleum, which recently suffered a “security incident” through one of its third-party service providers, Accellion Inc.
The email reads, “Good day! If you received this letter, you are a customer, buyer, partner or employee of [victim]. The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data … We inform you that information about you will be published on the darknet [link to dark web victim shaming page] if the company does not contact us.” The email concludes by suggesting the person “Call or write to this store and ask to protect your privacy!!!!”
Now imagine you are the company trying to decide whether to pay the ransom, and then your customers start calling in a panic demanding to know what’s going on and asking for reassurance that their details are safe. It’s sure to push a few victims into paying just to bring the whole episode to a close quickly and move on, which is exactly what the gangs want, too.
Krebs also points to ransomware gangs asking their victims to pay two different ransoms. The first payment unlocks the encrypted data, and the second payment guarantees the stolen data isn’t published or sold. But even if both ransom demands are paid, there really is no guarantee the stolen data won’t be shared anyway. The only way to avoid this is to ensure protection is in place to prevent it from happening in the first place.