Why implement a costly and technically advanced ransomware attack When is it enough to pretend? Barracuda Networks has recently identified a new type of scam email in which attackers pretend to be the notorious ransomware group Clop. By threatening to break into corporate networks and steal sensitive information, they try to extort money from their victims, without actually carrying out any attack.
Refers to real attacks to appear authentic
In the emails, the attackers claim to have exploited a security flaw at Cleo, a company that develops file transfer platforms such as Cleo Harmony, VLTrader and LexiComBecause the approach is associated with real Clop attacks, the scam becomes difficult to see through.
To give the appearance of authenticity, the scammers link to a blog article reporting how Clop robbed 66 of Cleo's customers of their data. They then suggest that the victim contact them via a series of provided email addresses.
How do you expose the scam?
Barracuda Networks security experts have identified several factors that help businesses to distinguish between a real ransomware attack and a scam:
- Scam email from fake Clop hackers often references real news articles about Clops ransomware attacks.
- If the email includes a 48-hour payment deadline, links to a secure chat channel for negotiations, and partially reveals names of affected companies, it could be a real attack and should be handled as an urgent security incident.
- If these elements are missing, it is likely a scam to trick the recipient into paying without any actual attack having taken place.
– We see a clear trend where cybercriminals are becoming increasingly sophisticated in their methods of exploit the fear of ransomware. By exploiting the fear that real Clop attacks creates, the fraudsters hope to pressure companies into paying, even though no attack has occurred. This underlines the importance of always verifying threats before acting, says Klas Palmér, Security expert at Barracuda Networks.
Read more here"
Swedish
English