Ransomware attacks: the next level?

Criminals, including cybercriminals, are always looking for new ways to make money, but are we witnessing the dawn of a more sophisticated approach?

07 May 2021


On 20 April 2021, a notorious collective of cybercriminals known as the Dark Ransomware Group posted an advertisement on their Dark Web homepage.  The purpose of the advertisement was to encourage stock market traders to make contact with them, in order to obtain 'insider' tips on the Group's next corporate targets.  So what exactly was the point of this exercise?

As a general rule, the trading value of stocks and shares will invariably fluctuate on a daily basis - particularly at times of market volatility.  When cyberattacks hit the headlines, it can all too often set hares running.  Indeed, from an investor's perspective, the potential risk of hefty data fines as well as irreversible reputational damage can be two of the main driving forces behind an acute drop in market demand.  The longer a targeted corporate takes to pay a ransom, the more drawn-out and protracted any recovery period is likely to be.  Not only this, but it also gives investors longer to consider their options, especially if the corporate has been targeted numerous times and is displaying signs of cybersecurity vulnerability.

It appears as though groups like Dark Ransomware have identified this issue, and are now beginning to exploit those responsible for influencing a company's valuation, in addition to simply seeking to exploit the company itself (by way of demanding a ransom payment).

By reaching out to stock traders and their client investors, cybercriminals could be in a position to levy fees in return for the 'insider' information.  From the investor's perspective, the upshot is that they will be given a window of opportunity within which to offload or 'short-sell' their shares in the targeted corporate, before they likely fall in value following successful execution of the ransomware attack; thus, minimising their potential loss, which could otherwise have far exceeded the fee paid to the cybercriminals.

Indeed, where the provision of this 'insider' information has been monetised, the cybercriminals would then be able to demand their desired ransom from the target itself in the usual manner, with the possibility of making a double-return.

This is in many ways a two-pronged approach, with the potential for both short and long-term gain.  Specifically, if the method described above were to become the established practice and enough investors became embroiled in the short-selling of stocks, listed companies could find their stock prices at constant risk of artificial manipulation.  This, in and of itself, may be enough to encourage targeted corporates to pay ransoms much more quickly, and put up less of a fight when these types of attacks occur.

There can, of course, be no escaping the fact that all of this will be predicated on stock traders and their investor clients trusting the cybercriminals to provide 'insider' information once they have paid the requisite fee.  One can envisage a situation where fees are levied and paid (most likely via the anonymity of cryptocurrency), but the cybercriminals fail to uphold their side of the bargain.

This may well be the case, but as with any business (whether legitimate or not), reputation plays a key part in success.  Groups like Dark Ransomware are widely reported to be adopting a more professional approach to operations and activities.  Examples of this range from the deployment of business analytics for the purposes of determining viable financial targets, to excellent 'customer service' when it comes to negotiating the release of data.

Regardless of whether or not this enterprising approach takes off, it can definitely be said that ransomware is becoming big business.
