Nigerian Ransomware Actor Uses Social Engineering to Bribe Company Employees

Security researchers working with Abnormal Security have intercepted an intriguing batch of emails directed at employees of a company who is a customer of Abnormal. The emails in question attempt to bribe and persuade insiders to install ransomware on their own company's network against the promise of a juicy payment.

The emails are originating from an actor that seems to be connected with the Nigerian-based DemonWare or Black Kingdom ransomware actor. The emails coming from the bad actors were intercepted by Abnormal Security. The hackers have resorted to a relatively new social engineering approach.

They now offer company insiders a million US dollars, allegedly to be paid out in crypto currency, if the insider infects a computer or server belonging to their own employer. The $1 million is presented as 40% of a would-be $2.5 million ransom payment that the hackers claim they would demand.

Researchers from Abnormal Security did contact the bad actors, pretending to play along. As expected, the supposedly Nigerian-based hackers responded and sent links to the ransomware payload, packaged in a file called Walletconnect (1) dot exe.

Curiously, when researchers told the hacker that the company they worked for was small and wasn't making as much money as expected, the ransom demand was also quickly scaled down from the initial $2.5 million to a much more modest $120 thousand.

This is not the first instance of ransomware threat actors attempting to use social engineering tricks and bribing company employees into infecting their own company networks. We recently covered a case where hackers operating the LockBit 2.0 ransomware also attempted to contact and bribe employees into becoming "affiliates" and partnering up with the cybercriminals, against the promise of a fat payout once the hack is executed.

Social engineering is one of the favorite tools of bad actors and has been used with great success in the past, primarily in malspam campaigns.

By Zaib
August 23, 2021
Computer Security
English
August 23, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News, Ransomware

Tech Company Garmin Pays Millions After Ransomware Attack

Garmin, a brand associated with a lot of different GPS systems and sports equipment, reportedly paid millions of dollars of ransom after hackers infected its systems with ransomware in late July 2020. According to... Read more

September 4, 2020
Ransomware

Amateurish DemonWare Ransomware Campaign Recruits Company Workers as Affiliates

The DemonWare Ransomware is a simple project whose creator has made it available on their GitHub page. They state that the DemonWare implant should not be used with malicious intent. Instead, developers can use it for... Read more

August 20, 2021
Computer Security

World's Biggest Meat Supplier Company Hit by Ransomware

JBS, one of the world's biggest food supplier companies and the single biggest meat supplier in the world, became the victim of a ransomware attack. The company expressed the belief that the attack originated from an... Read more

June 2, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.