More ransomware gangs have been establishing a relationship with the media in a bid to strengthen their data extortion efforts, with the practice already being adopted by the RansomHouse, Play, and Royal ransomware operations, according to Dark Reading.
By establishing direct communication with journalists through Telegram channels and "Contact Us" forms, and by offering supplementary information, ransomware groups could easily broadcast their exploits and further pressure not only their victims, but also those victims' customers and suppliers, to fulfill their demands, a report from Sophos X-Ops revealed.
Media coverage of ransomware operations has also helped establish credibility for the attackers, noted the report.
"This shows that they're true hackers. Now they're trying to hack the information sphere, as well as the technical sphere," said Sophos X-Ops Director of Threat Intelligence Christopher Budd, who added that other ransomware gangs, including ALPHV/BlackCat and Cl0p, have been more hostile in their dealings with the media, with the former reported to be rectifying incorrect details regarding its attack against MGM Resorts.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.
While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers to create fake claims that enabled relief fund and personal data theft.
Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats have been leveraged to facilitate the download of self-extracting password-protected archives.