Would Fortune 500 companies use ransomware against their competitors if it increased profits?
We are familiar with the way corporate executives are perfectly willing to break the law (and pay a fine: no one ever goes to jail, and the company pays for the fines) if it increases profits, particularly if the fines (if any) are but a fraction of the profit realized. (See earlier post today and Jamie Dimon’s secret meetings.)
So why would a corporation hesitate to use ransomware against its competitors? … [crickets] …
Lorenzo Franceschi-Bicchierai reports in Motherboard:
Ransomware—computer viruses that lock a victim’s files and demand a payment to get them back—has become so common that experts believe it’s now an “epidemic.”
Security experts have always assumed that ransomware hackers are in it for the ransom. But a shocking claim made by one ransomware agent suggests there may be another motive: corporate sabotage.
In an exchange with a security researcher pretending to be a victim, one ransomware agent claimed they were working for a Fortune 500 company.
“We are hired by [a] corporation to cyber disrupt day-to-day business of their competition,” the customer support agent of a ransomware known as Jigsaw said, according to a new report by security firm F-Secure.
Ransomware is an attractive endeavor for cybercriminals. By asking for relatively low amounts of money from victims—as low as $150 or $400—it has a high rate of success. And by targeting thousands of internet users indiscriminately, it scales really well. But if this operator’s statements are true, it seems like a gang of cybercriminals has found a new way to get paid twice: once by ransom, and once by companies to disrupt their competitors.
The operator thought they were talking to just another ransomware victim, but it was actually an F-Secure researcher posing as “Christine Walters,” a fake persona of a 40-year-old from Finland who knows little about computers and nothing about ransomware.
F-Secure researchers used “her” to contact the operators and support agents of several ransomware families. (Ransomware operations now commonly have “support portals” where victims can get help to understand how to unlock files or use bitcoin to pay for the ransom.)
In their exchanges, the ransomware agent told “Christine” that they were surprised she got infected because their operation was targeting specific victims chosen by a corporate client.
“I don’t even know how you got it,” the agent said. “Never have we done anything in Finland.”
The agent never gives too many details, just tantalizing hints. At one point, they say that “the purpose was just to lock files to delay a corporation’s production time to allow our clients to introduce a similar product into the market first.”
“Yes, big name corporation. Fortune 500 company. What I still don’t understand is that the target is in the USA and you and another person in Finland got the email and the client always gives us the contact emails so you are on someone’s mailing list,” the agent told “Christine,” according to F-Secure.
I tried reaching out to the agent via email, but didn’t get an answer for days. When I prodded them again for an interview, I simply got a short response: “I decline. Thank you.”
The agent’s claim that the gang was getting paid by a corporate client to target a specific organization is unprecedented, according to F-Secure.
“If this indeed was a case where ransomware was used on purpose to disrupt a competitor’s operation, it’s the only case we know of,” Mikko Hypponen, the chief research officer at F-Secure, told me in an email.
In their last message with “Christine,” the agent says . . .