Extract from BIA’s article “Ransomware Attackers Enlisting Insiders to Deliver Malware”
How do ransomware attackers enlist insiders to deliver malware for them?
Ransomware attackers are now enlisting insiders to deliver their malware. Perhaps it’s because some cybercriminals lack the technical skills necessary to gain access to internal systems and deliver their ransomware themselves, or maybe they just find recruiting insiders to be an easier way to do it. Whatever their motivation, bad actors are now sending emails to organizations’ employees and promising them substantial payoffs if these insiders will deploy their ransomware for them.
With ransom amounts reaching into the millions of dollars, an attacker can promise six- or even seven-figure payouts to an insider recruit and still realize a sizable profit. A disgruntled employee with financial difficulties may jump at the opportunity upon receiving an email from a bad actor looking for help. Fortunately, there are steps employers can take to reduce the likelihood of success for this type of attack.
How do ransomware attackers find insiders to deliver malware?
Identifying and contacting someone on the inside can be easy for a cybercriminal. In fact, some organizations make it too easy by unnecessarily publishing the names, contact information, and even the job titles of some or all their employees on public-facing websites. LinkedIn and other social media platforms can also be rich sources of contact information and employer data. Bad actors frequently use these sources to gather phishing and spear-phishing attack targets, and now they’re providing ransomware attackers with the contacts they need to find inside help.
