fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware Gang Urges Victims’ Customers To Demand A Ransom Payment

Ransomware Gang Urges Victims’ Customers To Demand A Ransom Payment

A ransomware operation known as ‘Clop’ is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy.

A common tactic used by ransomware operations is to steal unencrypted data before encrypting a victim’s network. This data is then used in a double-extortion tactic where they threaten to release the data if a ransom is not paid.

When data is published, it can be damaging to the victim and their customers, as the stolen data could contain personal information, credit cards, social security numbers, and even government-issued identification.

Clop warns customers of impending data leaks

After the Clop gang stole data from jet maker Bombardier in an Accellion hack, they leaked a small amount on their ransomware data leak site. A week later, the threat actors began emailing journalists to let them know that further data would be released.

As Bombardier had already disclosed the data breach, this tactic did not work as hoped by the threat actors.

However, Clop has now taken it a step further and directly emailed victims’ customers found in files or database dumps stolen during the ransomware attack.

Also Read: The DNC Singapore: Looking At 2 Sides Better

The tactic first started with Flagstar Bank customers and then with people exposed in the University of Colorado’s Accellion hack.

In an email seen by BleepignComputer, Clop is now using the same tactic to the customers of an online maternity clothing store, which will not be naming.

In these emails, Clop is sending customers threatening emails with the subject “Your personal data has been stolen and will be published.”

These emails say that the recipient is being contacted as they are a customer of the store, and their personal data, including phone numbers, email addresses, and credit card information, will soon be published if the store does not pay a ransom.

“Perhaps you bought something there and left your personal data. Such as phone, email, address, credit card information and social security number,” the Clop gang states in the email.

Email to customer's of an online store
Email to customer’s of an online store

Clop then tells the customer to “Call or write to this store and ask to protect your privacy!!!!”

In other words, the Clop gang is hoping that if enough customers contact the store about their stolen data, the store will pay the ransom to prevent the data from being published.

While I do not think this tactic will work, it illustrates the continuing pressure ransomware gangs apply to victims by leaking their data and scaring their customers.

Clop is not alone in their attempts to apply maximum pressure on victims to get them to pay ransoms.

Earlier this month, we reported that the REvil ransomware operation was planning on DDoSing victims or making VOIP calls to victims’ customers to apply further pressure.

Also Read: 4 Best Practices On How To Use SkillsFuture Credit

Sadly, regardless of whether a ransom is paid, consumers whose data has been stolen are still at risk as there is no way of knowing if ransomware gangs delete the data as they promise.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us