
Ransomware operators claim the ransom money will fund children's cancer treatments

Attackers lead victims to believe they are raising money for organizations that help children with cancer

Network security and ethical hacking specialists from the International Institute of Cyber Security say that ransomware remains one of the most widely used cyberattack variants. Encryption malware strains, such as Ryuk, SamSam or the GandCrab service, continue to affect thousands of organizations around the world.

In addition, some criminal groups have been recycling attack tactics. Criminals using the ransomware variant known as CryptoMix, for example, infect the victims' devices and then assure them that the payments will be used to fund treatments for very sick children, which is obviously a lie.

A recent analysis of this campaign mentions that the ransom notes left by the CryptoMix attack omit the ransom payment requirement. Instead, the attackers claim that the payment will be donated to a fictitious organization for children with cancer. To give their farce more credibility, the attackers include information taken from legitimate crowdfunding sites for sick children.

“We identified some rescue notes that included photos and stolen information from legitimate crowdfunding sites,” the network security experts said. “We have notified the relatives of the children whose images could have been stolen.”

When a victim of CryptoMix sends an email to the attackers using the contact information contained in the ransom note, they receive a reply through a site called OneTimeSecret, which shares the Bitcoin wallet to which the victim must send the ransom payment.

“We assume that this tactic is designed so that the victim does not consider the risks of paying for the ransom,” the network security experts mention. “However, it is too obvious that the alleged anti-cancer organization is false and that the information of the sick children was obtained illicitly.”

The city of El Río, in Texas, is one of the
most recent victims of this kind of campaign. In recent days, a group of city
officials issued a statement warning people that the city had been the victim
of a ransomware outbreak that blocked local government servers.

“Our network security department isolated the ransomware, an operation that required disabling the Internet connection of all government departments in the city, so the employees could not start any of our systems. The City Council is carrying out some of its work manually. Subsequently, we proceeded to inform the FBI about this incident,” the El Río statement says.

Victoria Vargas, spokeswoman for El Río, later stated that, as a result of the attack, around 45 systems were disabled, forcing City Hall employees to work by hand or with typewriters. The spokesperson also noted that the attackers did not provide a cryptocurrency address to collect the ransom, but left a telephone number instead.
