2021/08/20 11:39:50

DemonWare (ransomware)

2021: Hackers began paying employees to install ransomware viruses on their company computers

In mid-August 2021, it became known that hackers had begun paying employees to install ransomware on their own companies' computers. This was reported by cybersecurity researchers from Abnormal Security. According to them, cases have been recorded in which cybercriminals try to persuade employees to install the DemonWare ransomware on their organization's network in exchange for a share of the ransom.

The DemonWare ransomware, also known as Black Kingdom and DEMON, is one of the least sophisticated forms of ransomware. The attacker contacted company employees at e-mail addresses listed on public resources and asked whether they wanted to install the DemonWare ransomware on their network in exchange for a million dollars, which is 40% of the requested ransom of $2.5 million.

Cybercriminals began to pay employees to install ransomware viruses on their company computers

The attacker claimed that the person responsible for installing the ransomware on the network would never be caught, because DemonWare encrypts everything, including video surveillance files. Researchers note that this hacker is "not very familiar with digital forensics or incident response investigations."

Analysis of the files sent by the attacker confirmed that he really was trying to distribute a working version of the DemonWare ransomware. The hacker claimed to have written the ransomware himself, but this is a lie: DemonWare can be downloaded for free from GitHub, and its real author published the program in the public domain "to show how easy it is to create ransomware."

Although this attacker is unlikely to succeed, other hackers may take a much more skillful approach to recruiting insiders. For example, the group behind the LockBit ransomware regularly enlists insiders to help conduct its campaigns.

To prevent ransomware attacks, whether from external intrusion or an insider threat, security teams must restrict the permissions of users who do not require administrator privileges. This can prevent cyber attacks that rely on the accounts of ordinary users.[1]
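One practical way to act on that recommendation is to periodically audit which accounts actually hold administrator-equivalent group membership and compare them against an approved list. The script below is an added example written for this page, not code from Abnormal Security or from the DemonWare author: it parses text in /etc/group format (a constructed sample is embedded so it runs offline), treats a hypothetical set of groups as privileged, and reports every member of those groups who is not on the approved-admin allowlist. The group names, the allowlist and the sample accounts are all assumptions for illustration.

```python
"""Audit privileged group membership against an allowlist of approved admins.

Added example for this page (not the project's or researchers' code). It parses
/etc/group-style text and flags accounts that hold administrator-equivalent
group membership without being on the approved list. On a real host, read the
text with open("/etc/group").read() instead of the constructed sample below.
"""

# Groups assumed to confer administrator-equivalent rights on a typical Linux
# host (assumption for this example; adjust to the distribution's conventions).
PRIVILEGED_GROUPS = {"root", "sudo", "wheel", "adm", "docker"}

# Constructed sample of /etc/group content used for the demonstration.
SAMPLE_GROUP_FILE = """\
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:alice
adm:x:4:syslog,carol
docker:x:999:bob,dave
users:x:100:alice,bob,carol,dave
"""


def parse_group_file(text):
    """Return {group_name: set(members)} parsed from /etc/group-formatted text.

    Malformed lines (wrong number of ':' fields) are skipped rather than
    raising, so a single bad entry does not abort the whole audit.
    """
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 4:
            continue
        name, _password, _gid, members = parts
        # The member field is comma-separated and may be empty.
        groups[name] = {m for m in members.split(",") if m}
    return groups


def find_unapproved_privileged(groups, approved_admins, privileged=PRIVILEGED_GROUPS):
    """Return a sorted list of (user, group) pairs for every user who is a
    member of a privileged group but is not on the approved-admin allowlist."""
    findings = []
    for group_name, members in groups.items():
        if group_name not in privileged:
            continue
        for user in members:
            if user not in approved_admins:
                findings.append((user, group_name))
    return sorted(findings)


def audit(text, approved_admins):
    """Convenience wrapper: parse the group text and run the allowlist check."""
    return find_unapproved_privileged(parse_group_file(text), set(approved_admins))


if __name__ == "__main__":
    # 'alice' is the only approved admin in this constructed scenario; 'syslog'
    # is allowed into 'adm' because it is a known service account.
    for user, group in audit(SAMPLE_GROUP_FILE, ["alice", "syslog"]):
        print(f"REVIEW: {user} is in privileged group '{group}' but is not an approved admin")
```

Each finding is an account whose privileges should be reviewed and, where unnecessary, removed; running the check on a schedule and diffing the output against the previous run also surfaces newly granted privileges, which is the signal a defender wants when an insider or an attacker quietly elevates an ordinary account.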

Notes