Researchers have identified a new way in which criminals extort money from companies. Attackers break into an enterprise network, steal data, hold on to it for a while and then come back demanding a ransom, claiming that they are helping the company by exposing a flaw. IBM researchers call this criminal act bug poaching. They also warn that the threat is slowly becoming a new problem for companies and will likely grow if left unattended.
The researchers, part of the IBM X-Force team, described the method as a new variation on ransomware. In a bug poaching case the attackers demand more than $30,000 from the company in exchange for details of how they got into its network. Conventional ransomware, by contrast, means an attacker directly infects a computer and encrypts the data on it, then demands payment in exchange for the decryption key.
The researchers noted that after the intruders steal the data they make no explicit threat. Instead they simply state that payment is required before they will release details of the flaw, how they got into the network and how to fix it.
John Kuhn, a senior threat researcher at IBM Managed Security Services, said that these attackers present themselves as morally grounded people when they talk to the companies they have broken into. But it is not like that; these hackers are all about extortion.
IBM said it had seen 30 such incidents in the past 12 months. Kuhn stated that extortion cases in which the crook takes a fake moral high ground had not been seen before. He also said that this type of extortion was growing in number and that companies need to put measures in place to deal with the problem before it reaches them.
The company also said that bug poaching incidents start with the attackers getting into a company's network and exfiltrating as much data as they can. They then post it to a third-party cloud storage service and contact the company by email with links to the data as proof that it was stolen. Then they ask for money in return for helping the business identify the problem and patch it.
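The staging step described above, bulk copying of stolen data to a third-party cloud storage service, is the part of the bug poaching flow that leaves the clearest trace on the victim's own network. The following is an added illustration, not IBM X-Force code and not taken from the article: a small detector that sums upload bytes per internal host to known cloud storage domains from web proxy log lines and flags hosts that exceed a baseline. The log format, the domain list, the 50 MB threshold and the sample log lines are all constructed assumptions for the demonstration; tune them to your own proxy and environment.

```python
"""Flag internal hosts that push large volumes to third-party cloud storage.

Added illustration (not IBM X-Force code). The bug-poaching flow stages stolen
data on a cloud storage service, so one practical detection is to aggregate
outbound bytes per internal host to such services from a web proxy log and
alert when the total crosses a baseline. The log format, domain list and
threshold below are assumptions chosen for the demo.
"""
from collections import defaultdict
from datetime import datetime

# Assumed list of storage services worth watching; extend for your environment.
CLOUD_STORAGE_DOMAINS = (
    "drive.google.com",
    "dropbox.com",
    "mega.nz",
    "box.com",
    "onedrive.live.com",
)

# Constructed proxy log lines: timestamp, src_ip, method, host, bytes_out.
SAMPLE_LOG = """\
2016-05-20T02:11:04Z 10.0.4.17 POST upload.dropbox.com 41943040
2016-05-20T02:12:31Z 10.0.4.17 POST upload.dropbox.com 23068672
2016-05-20T02:13:09Z 10.0.4.17 PUT mega.nz 104857600
2016-05-20T09:02:10Z 10.0.9.3 GET www.example.com 512
2016-05-20T09:05:44Z 10.0.9.3 POST drive.google.com 2097152
2016-05-20T09:06:12Z 10.0.9.3 GET drive.google.com 4096
"""


def parse_line(line):
    """Split one whitespace-separated proxy record into a dict."""
    ts, src, method, host, nbytes = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "method": method,
        "host": host.lower(),
        "bytes_out": int(nbytes),
    }


def is_cloud_storage(host):
    """True if host is a watched domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in CLOUD_STORAGE_DOMAINS)


def bytes_to_cloud_storage(log_text):
    """Sum bytes sent by each internal host via write methods to storage domains."""
    totals = defaultdict(int)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        # Only uploads matter for exfiltration; reads (GET) are ignored.
        if rec["method"] in ("POST", "PUT") and is_cloud_storage(rec["host"]):
            totals[rec["src"]] += rec["bytes_out"]
    return dict(totals)


def find_bulk_uploaders(log_text, threshold_bytes=50 * 1024 * 1024):
    """Return the sorted list of source IPs whose upload total meets the threshold."""
    totals = bytes_to_cloud_storage(log_text)
    return sorted(src for src, total in totals.items() if total >= threshold_bytes)


if __name__ == "__main__":
    for src, total in sorted(bytes_to_cloud_storage(SAMPLE_LOG).items()):
        print(f"{src}: {total / (1024 * 1024):.1f} MB uploaded to cloud storage")
    print("flagged:", find_bulk_uploaders(SAMPLE_LOG))
```

The per-host byte total is a coarse signal on its own; in practice it is combined with the time of day (the constructed sample shows uploads at 02:00), the host's normal baseline and whether the destination service is sanctioned, and the hit is then used to pull the full session logs for that host rather than treated as proof of theft.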
During the attack there is no threat of public release of the data. Instead the victim receives a message such as: "Please rest assured that the data is safe with me. It was extracted for proof only. Honestly, I do this job for a living, not for fun." Kuhn also said that paying the ransom is no guarantee that the data will be destroyed.
He expects the attacks to become more sophisticated, since more attacks and greater sophistication would mean a higher payout. Kuhn said that these attackers may not look dangerous to a company, but the organisation's data and security posture are very much at risk.