Ransomware Groups Gain Clout With False Attack Claims

Published: 23/11/2024   Category: security




Technica? Europcar? Cybercriminals are increasingly bluffing about ransomware attacks, and the cybersecurity community is helping by spreading their lies.



The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say — and ransomware misinformation is a threat they predict will only grow in the coming months.
The cybersecurity community should know that cybercriminals aren't reliable narrators, but lately, all a ransomware group seems to need is a Dark Web post claiming to have breached an organization, plus a couple of key retweets, and presto: a full-blown cyber investigation ensues, regardless of whether any breach has actually occurred.
Two specific incidents from the last days of January highlight this growing trend among ransomware groups, according to ransomware expert and threat researcher Yelisey Bohuslavskiy with RedSense: alleged attacks on Technica and on Europcar.
"The other side is clearly fighting back — with both the FBI taking entire groups down and businesses putting proper defenses in," he says. "Ransomware operators now need to pick up a real fight, but their collectives were never meant for this, as, in their essence, these are petty criminals with no imagination or ingenuity, targeting networks that were left unprotected. Lies and hype are the only things they are left with."
On Jan. 30, headlines blared claims made by the ransomware menace ALPHV (aka BlackCat) that it had been able to steal classified information from Technica Corp., IT specialists who serve various aspects of the US government, including the Navy and Air Force. As an example of the kinds of deeply sensitive data the company handles, Technica is currently recruiting on LinkedIn for an open systems administrator position at Langley Air Force Base. Technica also provides IT support for the Federal Bureau of Investigation.
If Technica were indeed breached by ALPHV, the group could conceivably be in possession of top secret stuff, and could pose a serious US national security threat.
Based on the number of security clearances presumably necessary to work for defense contractor Technica, it's no surprise that the organization did not publicly comment on the ALPHV claims. Several requests for comment from Dark Reading went unanswered, for instance. But in the messaging void, ALPHV's Dark Web post (containing a threat to release US government secrets) infiltrated the news and gossip cycle with several tweets and headlines speculating on the potential fallout of such a Technica breach.
But there is no credible evidence Technica was ever compromised beyond a few screenshots shared by ALPHV, according to Bohuslavskiy, who tracks the group closely.
However, the group was able to claim a big win among competitive ransomware cybercrime circles, as well as a bit of revenge on the FBI.
In December, the FBI seized ALPHV's infrastructure and took down the ransomware operation's leak sites, hobbling the entire business. For the ransomware group to be seen as trading shots with law enforcement, via a compromise of the Feds' own IT vendor, boosts its reputation among the cybercrime set, as well as among would-be affiliates.
Car rental company Europcar likewise fell victim to false data breach claims by an anonymous person offering to sell the data of more than 48.6 million people in a hacking forum in the waning days of January.
Europcar flatly denied the ransomware breach and pointed out that the sample data shared in the Dark Web forum was clearly faked.
"After being notified by a threat intel service that an account pretends to sell Europcar data on the dark net, and thoroughly checking the data contained in the sample, the company is confident that this advertisement is false," the company said in a statement.
Thanks to new tools leveraging artificial intelligence and machine learning, it's easier than ever to falsify allegedly stolen data, leaving it up to humans to fact-check these ransomware group claims and stop them from spreading.
False claims like these have always been part of the ransomware ecosystem, but there are a few factors making misinformation even more attractive for these groups these days, according to Bohuslavskiy.
As mentioned, the first is the overall success of cybersecurity defenses in making cybercrime harder, Bohuslavskiy explains. Another is clout chasing among cybercriminals. Bohuslavskiy says these ransomware operators are trying to catch a wave of fame similar to the one from 2019 that lifted what he calls cybercrime bottom feeders out of obscurity.
"And now, they are forced to go back to their outcast state again," he adds. "With their operations in decline, they can't keep their ego fed, and their hope that the money they make will help their social status is blown away."
Like most misinformation campaigns, false ransomware claims rely on others to spread them and take them seriously. Bohuslavskiy urges the native English-speaking cybercommunity to stop amplifying these messages; even the simple act of translating the lie into English makes it seem more believable, he warns.
"This is a classic post-truth tactic: claim something false and enjoy the hype," he explained. "Even if the claim is proven false by professionals, no one will see this."
Researchers at Dragos noted in their recent ransomware report that these groups are increasingly refining their media and public relations techniques, courting interviews with journalists and sending out press releases, as well as collaborating to share business tips.
Thus, enterprise cybersecurity teams need to recognize this new ransomware misinformation communications strategy and respond with it in mind.
"Fortunately for them (ransomware groups), the English-speaking cybersecurity community is bending over backward to help them with it," Bohuslavskiy said.
