Deploying ransomware is one thing, but getting the victim to pay up is an entirely different matter. Now, a relatively new entrant to the ransomware (opens in new tab) game is using a unique new strategy to force its victims to cave in to demands.
As spotted by BleepingComputer, a data extortion gang that only recently added ransomware to its arsenal, called Industrial Spy, has started defacing the websites of attacked companies in order to pressure them into paying the ransom.
The group recently broke into the network of a French company named SATT Sud-Est, researchers from MalwareHunterTeam found, and encrypted everything it discovered on company endpoints (opens in new tab). Industrial Spy demanded $500,000 in exchange for the decryption key.
Besides the usual methods of persuasion, the group also broke into the company’s website (which is almost never hosted on the same server as corporate data) and defaced the homepage, leaving the following message:
“Your business data has been compromised. More than 200GB of data will soon be released on the market. Please contact us to avoid your reputational risks.”
The site has since been shut down, but the message can still be seen on Google’s search engine results page.
Due to the fact that breaking into the website requires additional effort (as well as extra malware (opens in new tab), most likely), it’s highly unlikely this method will grow into a full-blown trend. You never know, though.
Cybercriminal techniques have significantly evolved over the years. In the early days of ransomware, threat actors would just lock the files and demand money in exchange for the decryption key. When businesses started keeping updated backups, crooks started stealing data and threatening to release it online. When even that showed unsatisfactory results, they turned to DDoS attacks and threatening phone calls.
This is just another in a long line of methods, and sooner or later, there are bound to be new ones.