The DemonWare ransomware group is attempting to bribe employees at target businesses to install ransomware on their employers' networks, according to Abnormal Security.
The attempted digital bribes vow to pay company insiders $1 million in bitcoin -- or 40 percent of the presumed $2.5 million ransom -- if they install the malware on employers' networks, Abnormal Security says.
The good news in all this? Abnormal Security identified and blocked multiple accomplice-for-hire emails sent to customers on August 12, the e-mail security company says.
How DemonWare Discusses Proposed Attacks With Company Insiders
To find potential accomplices within target companies, the threat actor apparently collected employee contact information from LinkedIn.
Leveraging email, the external attacker provided target employees two contact methods -- an Outlook email account and a Telegram usernames -- to discuss proposed attacks and payment methods, Abnormal Security says.
The complete Abnormal Security report is titled: "Nigerian Ransomware: An Inside Look at Soliciting Employees to Deploy DemonWare."
Cyberattacks and Data Breaches: Mitigating Insider Threat Risks
According to Security Insider, there are five fundamental types of insider threats:
- Non-responders to awareness training;
- Inadvertent insiders;
- Insider collusion such as with vendor partners;
- Persistent malicious insiders; and
- Disgruntled employees.
MSPs and MSSPs can take six steps to mitigate insider threats within their own businesses and across customer networks, according to guidance from security platform provider Netsurion:
- Protect sensitive data with role-based access controls;
- implement data encryption;
- address privileged access management (PAM);
- identify anomalous behavior;
- Link cybersecurity and physical security; and
- Add comprehensive visibility and monitoring.
For deeper details on the six steps, see Netsurion's Best Practices to Halt Insider Threats.
