The new extortion techniques of ransomware gangs

Researcher and founder of Hold Security, Alex Holden, has uncovered two innovative techniques used by ransomware gangs to increase their revenue.

The first is from the Clop group, which specializes in attacks in the medical sector. In order to increase their number of victims, cybercriminals pose as a patient who sends a medical company a liver scan or tests. Clop hides its ransomware in these documents, which is activated when opened.

« They rely on physicians or nurses to review the patient’s chart and scans just before the appointment. They initially considered using cardiovascular problems but decided that cirrhosis or liver fibrosis would be more likely to be diagnosed remotely from existing tests and scans, » Alex Holden says.

The second technique comes from the Venus group. This gang, which appeared in mid-August 2022, has no problem infecting and encrypting the IS of American companies, but it has trouble getting paid. The hackers have therefore developed a new extortion technique.

It consists of locating an executive who exchanges confidential financial results with his or her CEO. Venus members then take control of the executive’s machine and create fake emails giving investment orders on the financial markets based on this information.

At the same time, they inject files to modify the metadata of the fraudulent e-mails, so that they indicate that they were sent from the victim’s computer at a given time.

Finally, they threaten the executive with revealing these false exchanges, which are considered insider trading and are punishable by 20 years in prison. Faced with the risk of scandal, the victim is encouraged to pay large sums.