Ransomware gangs are now cold-calling victims if they restore from backups without paying
Earlier this week, DataBreaches.net reported that a Georgia dental group was surprised to get a phone call from threat actors informing them that their files had been exfiltrated by the ransomware threat actors. It seems that when they had detected anomalies, they wiped the server and reinstalled from backup, and perhaps never noticed any “read me” file with a ransom demand.
But just because they had been able to restore from backup doesn’t mean that they were totally out of the woods if their patient data and employee data was in the hands of criminals who might dump it or sell it. And the criminals wanted to make sure they knew that.
That was the first instance of this kind that this site had read about, but apparently, that phone call system has been going on for at lest a few months. Catalin Cimpanu reports:
“We’ve seen this trend since at least August-September,” Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet on Friday.
Ransomware groups that have been seen calling victims in the past include Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk, a spokesperson for cyber-security firm Emsisoft told ZDNet on Thursday.
Read more on ZDNet.