Hackers offer Bitcoin to dissatisfied workers to infect their own companies

#ransomware protection

Email, software vulnerabilities, and file downloads from unknown sources are the most common entry points for ransomware attacks on businesses. Recently, criminals in this field have begun promising profits of up to 40% in Bitcoin to company employees who assist in carrying out these attacks.

The city of Serra was attacked by ransomware last week, affecting its servers and backups. As of the last update on the case, released on Monday (30), the IT team was still working to restore the systems.

This case, however, is just one of many examples of the problems that ransomware attacks cause for businesses and government agencies, whose operations are halted for several days because their files have been encrypted.

Criminals promise a 40% profit in Bitcoin to company employees in exchange for facilitating break-ins.

With the siege closing in on organizations that use ransomware all over the world, a topic that was even the subject of a G7 meeting in June 2021,

Furthermore, cybersecurity systems are evolving in order to detect and prevent attacks. As a result, the criminals behind malicious software are looking for new ways to infect victims' businesses.

One of the methods discovered, according to Kaspersky, is the search for company employees willing to infect their own workplace. These audacious propositions typically appear in spam messages, which try to attract new accomplices and even offer training in ransomware activation.

"As absurd as it may appear, some people use spam to find accomplices. One message, for example, directly offers '40%, $1 million bitcoin' to anyone willing to install and deploy DemonWare ransomware on their organization's main Windows server."

One of the detected cases of this social engineering attack involved a young hacker in Nigeria, with no experience spreading ransomware, who was caught recruiting corporate executives.

The case gained attention, and the digital bandit's decision to use DemonWare proved to be a mistake, as the code to unlock it was already widely disseminated on the internet.

Employees who are dissatisfied are the primary targets.

Access to companies has been traded on the dark web for some time, with the help of the well-known Initial Access Brokers (IABs), which had significant ramifications in 2021 in cybersecurity forums.

Many of these actors are employees who have been fired or are dissatisfied with their current jobs, and they grant access to the corporate network in exchange for the promise of earnings, which are now commonly offered in Bitcoin.

In addition to giving employees only the minimum access they need, Kaspersky experts recommend that the access policy be constantly revised. It is worth noting that, while ransomware primarily targets businesses and governments, individuals can also have their devices encrypted.

In recent months, the preferred regions for ransomware attacks have been North America and Western Europe, but cases have also been reported in Latin America.