New Ransomware Ploy: Bribe An Employee

A San Francisco-based cybersecurity company says it managed to establish communication with a ransomware group that had been contacting employees of some of its clients in an effort to get them to infect their company’s networks from the inside, in exchange for a share of the ransom. The emails, said to come from a known ransomware gang sometimes called DemonWare, also known as Black Kingdom or DEMON, offer the employee 40 percent of an anticipated take of $2.5 million, or $1 million, to be paid in bitcoin. By creating a fictional persona, the cybersecurity company was able to find out how the deal would play out, capturing the conversation with screen shots. It ascertained the actor is based in Nigeria, that it obtains employee contact information through LinkedIn, and that it engages with potential collaborators to determine company financials and will adjust its demand downward for smaller targets. The employee is given detailed instructions on how to plant the malware and then delete the executable file, which the cybersecurity company determined was off-the-shelf ransomware.