His son’s school was broken into. Then the ransomware gang called him at home.

Wayne didn’t know his son’s school district had been hacked – its files were stolen and computers locked and held for ransom – until last fall when the hackers started sending direct emails. to him with mutilated threats.

“We took control of the network for several months, so we had plenty of time to carefully research, sift through the data, and prepare for an attack,” one of the three emails he received said. If his son’s school district, the Allen Independent School District in suburban Dallas, doesn’t pay, all of its files, including information about him and his son, “will be released on the black market.” dark,” the emails warned.

It’s a credible threat. Ransomware hackers regularly leak files from organizations that don’t meet their needs and can scattered on the dark web with student personal information.

However, what Wayne received represents a newer tactic. Ransomware hackers, always looking for new ways to put more pressure on the organizations they extort money from, have increasingly infiltrated the everyday people whose information is stored on the computers they attack, harassing scold them by phone and email to get the victim organization to pay.

The hackers, often operating as a gang with close links to members in different countries, have made millions of dollars in recent years by hacking companies’ computer networks. , schools, hospitals and cities of America. Despite the policies of the Biden White House to slow down their attacks, they were almost effective against US targets last year like the previous two, successfully hitting more than 1,000 school districts and healthcare providers by 2021.

Wayne, who asked NBC News to withhold his last name to protect his family’s privacy, has heard of ransomware before. He wasn’t shocked to learn that the Allen School District, which oversees his son’s school, fell victim when he started receiving those emails.

But he was so angry that no one from the school district contacted him, that he had to get the news directly from the hackers themselves.

“They don’t give parents or staff any information,” Wayne said.

The school district did not respond to a request for comment. Wayne said it eventually offered parents and students free credit monitoring services. But he wished he knew sooner that his family’s data had been compromised.

“They didn’t tell us anything,” he said. “That’s the sad part, they could have told us in the first place ‘We’ve been hacked, lock your data.’ They didn’t do that.”

Kurtis Minder, CEO of cybersecurity firm GroupSense, says calls and emails from hackers can be an incredible experience for the average person.

“You have to put yourself in the shoes of an ordinary citizen when you get such a call from some foreign hacker,” he said. “It had to be the strangest experience. Minder said.

Because the cybercrime ecosystem is so complex, practically every major ransomware gang has contact with individuals, said Meredith Griffanti, crisis communications officer for cybersecurity consulting firm FTI Consulting. people like Wayne.

“It became extremely popular,” she said. “It’s almost as if they have their entire PR department running just for that pressure tactic.”

Hackers will use any contact information they can find, such as employee directories or customer databases, to identify individuals they can pressure, she said. force.

“Of course this can be quite scary for people who don’t know this is going on or this attack has happened,” she said.

Sometimes those tactics include calling people who work for the hacked organization. In July last year, a quick-thinking employee at a UK company was able to record one such phone call. Sophos, the cybersecurity firm it hired to deal with the incident, published the appeal.

Chester Wisniewski, a researcher at cybersecurity firm Sophos, said the caller was referring to the General Data Protection Regulation, Europe’s massive data regulatory framework. By law, companies have a responsibility to protect an individual’s personal information and can be subject to hefty fines for failing to protect it.

“They threatened that he could be fined for the GDPR,” he said. “The person who received that voicemail worked in finance, so he would know about the GDPR rules.”

Many ransomware groups have made it part of their daily routine of publishing victim organizations’ files to custom dark web sites if they don’t pay. But this newer tactic is intended to exploit people’s fear that their personal information will be leaked, Wisniewski said.

“They customize the threat according to the context they are dealing with,” he said. “So often when Americans are called, ‘We have your Social Security Number, we have your direct deposit information from your bank, and if you don’t want this to be publicized, we’ll have to wait and see if you can. You really should talk to your IT department. room.'”

https://www.nbcnews.com/tech/security/ransomware-hackers-new-tactic-calling-directly-rcna6466 His son’s school was broken into. Then the ransomware gang called him at home.

Jake Nichol

24ssports is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@24ssports.com. The content will be deleted within 24 hours.

Related Articles

Back to top button