Saturday, May 31, 2025
HomeRansomwareRansomware Gang Seeking Helping From Insider Threat to Deploy The Ransomware on...

Ransomware Gang Seeking Helping From Insider Threat to Deploy The Ransomware on the Systems

Published on

SIEM as a Service

Follow Us on Google News

The security analysts at Abnormal Security classified and blocked a number of uncertain emails recently that were sent to the customers of Abnormal Security security firm.

They detected that all the blocked emails were asking the customers of Abnormal Security to become a coordinator of an insider threat or ransomware scheme.

Here, the primary goal of the threat actor is to lure the customers with lucrative threat scheme incentives and then deploy their ransomware to infect their companies’ networks.

- Advertisement - Google News

Apart from all these things the analysts have indicated that all blocked emails have come from someone who has links with the DemonWare ransomware group.

Sending the Ransomware Request 

This is one of the latest campaigns that has been implemented by the threat actors. However, in this campaign, the sender determines the employee that if they can dispose of the ransomware on a company computer or Windows server.

In case if they can convince the targeted associate then they would be compensated with $1 million in bitcoin or 40% of the assumed $2.5 million ransom.

Moreover, the employee has been told that if they want to do so, then in that case they can launch the ransomware physically or remotely. 

After investigating the attack, the experts claimed that this ransomware has been distributed through email attachments, as well as using direct network access that was generally achieved via unsecure VPN accounts or software vulnerabilities. 

Finding the Insider 

Throughout a lengthy conversation with the attacker, the Abnormal Security expert asked the threat actor that what we needed to do to help?

After the email, the threat actors responded in just a half-hour and repeated that what was involved in the initial email, and it is followed by a question regarding whether we would be capable to access the fake company’s Windows server or not.

After investing in the ransomware, the threat actor has sent the experts two links for an executable file that could get download on WeTransfer or Mega(.)nz, these two are the file-sharing sites.

Here, the file was named “Walletconnect (1).exe” and based on an examination of the file they were able to authenticate the ransomware.

Finding Targets Through Social Networks

According to the investigation report, in this campaign, the threat actors get their target’s contact information from the professionals’ social networking site, LinkedIn.

And not only LinkedIn, along with it, they also find their targets from similar commercial services that offer the same type of information, as all these platforms are the most common targets for the threat actors to get information like this.

While apart from this, on further investigation the researchers detected that the threat actor is a Nigerian since they found traces of Nigerian currency.

Not only that even during their conversation the actor confirmed that he is from Nigeria and mimicked his name as “the next Mark Zuckerberg.”

So, this event clearly depicts that this type of attack or other malware intrusions is rare.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra...

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages...

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated...

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool...

Interlock Ransomware Uses NodeSnake RAT for Persistent Access to Corporate Networks

In a two UK-based universities have fallen victim to a sophisticated Remote Access Trojan...

Worldwide Operation Shuts Down Hundreds of Ransomware Servers and Domains, Ending Key Attack Infrastructure

Law enforcement and judicial officials, working together with Europol and Eurojust, have dealt a...