More ransomware gangs have been establishing relationships with the media in a bid to strengthen their data extortion efforts, with the practice already adopted by the RansomHouse, Play, and Royal ransomware operations, according to Dark Reading.
By establishing direct communication with journalists through Telegram channels and "Contact Us" forms, and by offering supplementary information, ransomware groups could easily broadcast their exploits and further pressure not only their victims, but also those victims' customers and suppliers, to fulfill their demands, a report from Sophos X-Ops revealed.
Media coverage of ransomware operations has also helped establish credibility for the attackers, noted the report.
"This shows that they're true hackers. Now they're trying to hack the information sphere, as well as the technical sphere," said Sophos X-Ops Director of Threat Intelligence Christopher Budd, who added that other ransomware gangs, including ALPHV/BlackCat and Cl0p, have been more hostile in their dealings with the media, with the former reported to be rectifying incorrect details regarding its attack against MGM Resorts.