A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoin to deploy Black Kingdom ransomware on their companies' networks as part of an insider threat scheme.
"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom," Abnormal Security said in a report published Thursday.
"The employee is told they can launch the ransomware physically or remotely. The sender provided two methods to contact them if the employee is interested: an Outlook email account and a Telegram username."
Black Kingdom, also known as DemonWare and DEMON, attracted attention in early March this year when threat actors were found exploiting ProxyLogon flaws affecting Microsoft Exchange Server to infect unpatched systems with the ransomware strain.
Abnormal Security, which detected and blocked the phishing emails on August 12, created a fictitious persona to respond to the solicitation attempt and contacted the actor on Telegram messenger, where the actor carelessly spilled the details of the attack, including two links to an executable ransomware payload that the “employee” could download from WeTransfer or Mega.nz.
“The actor also instructed us to destroy the .EXE file and remove it from the Recycle Bin. Based on the actor’s response, he 1) expects employees to have physical access to the server, 2) It’s clear that this is not the case. We are familiar with digital forensics and incident response investigations.”
Also worth noting is the actor's use of LinkedIn to collect the email addresses of senior management at companies, which reiterates how business email compromise (BEC) attacks originating from Nigeria continue to evolve, exposing companies to advanced attacks such as ransomware.