Cybercriminals push to recruit insiders for ransomware attacks
More than half of large North American IT companies say threat actors asked their employees to help in a ransomware attack. Most companies eventually became victims.
A recent survey by Hitachi ID shows that hackers have approached 65% of executives and their employees to assist in ransomware attacks. An increase of 17% since the last survey in November.
The survey inquired 100 North American IT companies with 5,000 or more employees.
In most cases (59%), threat actors initiated contact via email. 27% received phone calls, while cybercriminals approached an additional 21% using social media.
The increase in attempts to recruit insiders seems to worry company representatives as 53% of respondents say they are equally concerned about internal and external cybersecurity threats.
Interestingly, half of the companies where ransomware gangs approached employees reported the incident to federal law enforcement agencies but not internally.
31% reported the incident within the company, and only 18% informed both employees and the federal government about the incident.
Criminals were not too generous with their recruitment attempts, as the majority of offers (57%) to cooperate were less than $500,000 in bitcoin or cash.
In 28% of cases, cybercriminals offered employees between $500,000 and $1 million. In 11% of cases, criminals bargained, offering potential partners over $1 million.
According to the survey, 49% of companies where cybercriminals approached employees ended up a victim of a ransomware attack. 19% claim to be unsure whether the company got hacked.
Cyberattacks are increasing in scale, sophistication, and scope. The last 18 months were ripe with major high-profile cyberattacks, such as the SolarWinds hack, attacks against the Colonial Pipeline, meat processing company JBS, and software firm Kaseya.
Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.
The prevalence of ransomware has forced governments to take multilateral action against the threat. It's likely a combined effort allowed to push the infamous REvil and BlackMatter cartels offline and arrest the Cl0p ransomware cartel members.
Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.
More from CyberNews:
Subscribe to our newsletter