Tuesday, May 13, 2025
HomeRansomwareRansomware Gang Seeking Helping From Insider Threat to Deploy The Ransomware on...

Ransomware Gang Seeking Helping From Insider Threat to Deploy The Ransomware on the Systems

Published on

SIEM as a Service

Follow Us on Google News

The security analysts at Abnormal Security classified and blocked a number of uncertain emails recently that were sent to the customers of Abnormal Security security firm.

They detected that all the blocked emails were asking the customers of Abnormal Security to become a coordinator of an insider threat or ransomware scheme.

Here, the primary goal of the threat actor is to lure the customers with lucrative threat scheme incentives and then deploy their ransomware to infect their companies’ networks.

- Advertisement - Google News

Apart from all these things the analysts have indicated that all blocked emails have come from someone who has links with the DemonWare ransomware group.

Sending the Ransomware Request 

This is one of the latest campaigns that has been implemented by the threat actors. However, in this campaign, the sender determines the employee that if they can dispose of the ransomware on a company computer or Windows server.

In case if they can convince the targeted associate then they would be compensated with $1 million in bitcoin or 40% of the assumed $2.5 million ransom.

Moreover, the employee has been told that if they want to do so, then in that case they can launch the ransomware physically or remotely. 

After investigating the attack, the experts claimed that this ransomware has been distributed through email attachments, as well as using direct network access that was generally achieved via unsecure VPN accounts or software vulnerabilities. 

Finding the Insider 

Throughout a lengthy conversation with the attacker, the Abnormal Security expert asked the threat actor that what we needed to do to help?

After the email, the threat actors responded in just a half-hour and repeated that what was involved in the initial email, and it is followed by a question regarding whether we would be capable to access the fake company’s Windows server or not.

After investing in the ransomware, the threat actor has sent the experts two links for an executable file that could get download on WeTransfer or Mega(.)nz, these two are the file-sharing sites.

Here, the file was named “Walletconnect (1).exe” and based on an examination of the file they were able to authenticate the ransomware.

Finding Targets Through Social Networks

According to the investigation report, in this campaign, the threat actors get their target’s contact information from the professionals’ social networking site, LinkedIn.

And not only LinkedIn, along with it, they also find their targets from similar commercial services that offer the same type of information, as all these platforms are the most common targets for the threat actors to get information like this.

While apart from this, on further investigation the researchers detected that the threat actor is a Nigerian since they found traces of Nigerian currency.

Not only that even during their conversation the actor confirmed that he is from Nigeria and mimicked his name as “the next Mark Zuckerberg.”

So, this event clearly depicts that this type of attack or other malware intrusions is rare.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Apple Releases Security Patches to Fix Critical Data Exposure Flaws

Apple released critical security updates for macOS Sequoia 15.5 on May 12, 2025, addressing...

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cybercriminals Hide Undetectable Ransomware Inside JPG Images

A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image...

New Mamona Ransomware Targets Windows Systems Using Abused Ping Command

Cybersecurity researchers are raising the alarm about a newly discovered commodity ransomware strain dubbed Mamona,...

Play Ransomware Deployed in the Wild Exploiting Windows 0-Day Vulnerability

Patched Windows zero-day vulnerability (CVE-2025-29824) in the Common Log File System (CLFS) driver was...