Attackers make the victims believe they’re raising money for organizations that help children with cancer
Network security and ethical hacking specialists from the International Institute of Cyber Security say that ransomware remains one of the most widely used cyberattack variants. Encryption malware strains, such as Ryuk, SamSam or GandCrab service, continue to affect thousands of organizations around the world.
In addition, some criminal groups have been recycling attack tactics. Criminals using the ransomware variant known as CryptoMix, for example, infect the victims’ devices and then assure them that the payments will be used to fund treatments for very sick children, which is obviously a lie.
A recent analysis of this campaign mentions that the ransom notes included with the CryptoMix attack omit the ransom payment requirement. Instead, the attackers claim that the payment will be donated to a fictitious organization for children with cancer. To give more credibility to their farce, the attackers include information taken from legitimate crowdfunding sites for sick children.
“We identified some ransom notes that included photos and stolen information from legitimate crowdfunding sites”, as mentioned by the experts in network security. “We have notified the relatives of the children whose images could have been stolen”.
When a victim of CryptoMix sends an email to the attackers using the contact information contained in the ransom note, a message is received through a site called OneTimeSecret, which shares the Bitcoin wallet to which the victim must send the ransom payment.
“We assume that this tactic is designed so that the victim does not consider the risks of paying the ransom,” the network security experts mention. “However, it is too obvious that the alleged anti-cancer organization is false and that the information of the sick children was obtained illicitly.”
The city of El Río, in Texas, is one of the most recent victims of this kind of campaign. In recent days, a group of city officials issued a statement warning people that the city had been the victim of a ransomware outbreak that blocked local government servers.
“Our network security department isolated the ransomware, an operation that required disabling the Internet connection of all government departments in the city, so the employees could not start any of our systems. The City Council is carrying out some of its work manually. Subsequently, we proceeded to inform the FBI about this incident”, mentions the El Río statement.
Victoria Vargas, spokeswoman for El Río, later stated that, as a result of the attack, around 45 systems were disabled, forcing City Hall employees to work by hand or with typewriters. The spokesperson also noted that the attackers did not attach a cryptocurrency address to collect the ransom, but left a telephone number instead.