In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands.
“We’ve seen this trend since at least August-September,” Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet on Friday.
Ransomware groups that have been seen calling victims in the past include Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk, a spokesperson for cyber-security firm Emsisoft told ZDNet on Thursday.
“We think it’s the same outsourced call center group that is working for all the [ransomware gangs] as the templates and scripts are basically the same across the variants,” Bill Siegel, CEO and co-founder of cyber-security firm Coveware, told ZDNet in an email.
Arete IR and Emsisoft said they’ve also seen scripted templates in phone calls received by their customers.
According to a recorded call made on behalf of the Maze ransomware gang, and shared with ZDNet, the callers had a heavy accent, suggesting they were not native English speakers.
Below is a redacted transcript of a call, provided by one of the security firms as an example, with victim names removed:
By Catalin Cimpanu
December 5, 2020
