Fraudulent groups extorting money through ransomware threats

BleepingComputer reports that at least one group of actors is behind a wave of emails to U.S. companies falsely claiming to have stolen their data and demanding a ransom. Messages to enterprises reportedly started appearing as early as March 16, in which the actors impersonated known ransomware groups including the Silent Ransom Group, who also call themselves Luna Moth, and the Surtr ransomware group. In one instance, a group calling themselves Midnight or the Midnight Group sent a message to a former senior financial planner of a certain company, claiming that they have breached the company's systems and stolen 600 GB of "essential data." Risk consulting firm Kroll's managed detection and response division also reported in March that organizations began receiving similar emails on March 23, under the name of the Silent Ransom Group, and threatening distributed denial-of-service attacks if their demands are not met. Meanwhile, incident response company Arete reported Midnight as impersonating Surtr and SRG while targeting previous ransomware attack victims.