Ransomware gangs emailing customers of victims to extort them
Ransomware is not a new phenomenon and several businesses have suffered after falling victim to hacks that cause their data to be encrypted and faced with huge ransom demands. However, ransomware makers are now reportedly training their guns on their customers of their victims, warning them that their data will be leaked if they don't “convince” the victim to pay the ransom amount.
Spotted by security researcher Brian Krebs, the newest form of online intimidation involves emailing the clients of the victims informing them that the company has been hacked and that the data that has been stolen will be published online if the ransom is not paid. The emails appear to be going out to customers of companies that have been affected by the ‘Clop' ransomware.
Krebs published one of the emails on his blog, which tells the customers that they received it because they were a customer, buyer, employee or partner of the victim company. “The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples' data,” it says. The email goes in to tell the customer that their information will be published on the dark web with a link to a website — unless the victim company contacts the ransomware group.
Unlike traditional ransomware groups, Clop demands two sets of ransom payments – one to decrypt the data from the victim's computers which it does by sending over a key, and another to “stop” the group from publishing sensitive information stolen from the victims on the dark web. This appears to be a new trend among ransomware groups who target companies that keep backups of their data and simply refuse to pay the ransom for encrypted data that can simply be replaced.