Disgruntled Employees Cashing In On Ransomware?

A recently thwarted attack reveals exactly this tactic from cybercriminals.

Employees and employers don't always see eye to eye.

But what if cybercriminals happened to catch one of those particularly angry employees willing to look past ethical standards in order to make a quick buck? Or 50,000 bucks?

Unfortunately, it's not just about stealing red staplers anymore...

"If they take my stapler, I'll set the building on fire." -Milton ❤️

Researchers at Abnormal Security identified campaigns targeting unhappy employees willing to install ransomware on their employers' networks, in exchange for a cut of the ransom.

Here's how it goes:

A cybercriminal blasts emails to tons of key employees, identifying them with profile information usually scraped from social media. In this case, the attacker specifically cited LinkedIn profile information.

Once one of these employees responds, the attacker dangles the reward: you install the ransomware, you get a percentage of the payout.

Naturally, the employee should be concerned about criminal ramifications. This is when the cybercriminal reassures their victim that it'll all be untraceable. (Editor's Note: Doubtful)

Assuming the hacker can flip this employee to the dark side, they provide clear instructions on how to download and install the ransomware. And yes, they give steps on how to wipe away your tracks. You know, like that popular story about wiping the server with a cloth from 2015... (that's for you, election junkies 😉)

And if the whole scheme is successful, he or she will get paid quietly in Bitcoin. For those involved in the crypto world, you get how silly the "protections" are that this grants the recipient.

Can it work?

Yes, absolutely! The hacker can absolutely make this happen.

And yes, it could cost a business a tremendous amount.

It most likely won't work out well for the turncoat employee. Criminal charges are the most likely outcome, as the breadcrumbs will undoubtedly lead back to the perp.

Unfortunately, even if the employee is ultimately caught, any ransom payment is gone.

So what do we do?

First, ensure employees only have the access they need for their specific role. When that changes, access needs to change. This can be difficult to manage, but it's a big reason why so many businesses turn to MSPs to help manage their network security.

Second, implement a robust Security Awareness Training program that also includes pointers on identifying and reporting Insider Threats.

As you might have suspected, INFIMA provides its Partners with Security Awareness Training to train teams to avoid attacks in and out of the office!

And hey, if you're an MSP and want to learn more, go check out how we work with Partners here. If you like what you see, book a time to chat!

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.