FBI Warns Of Crypto Ransomware Gangs Harassing Victims On Calls

FBI has started warning against extortion activities of the DoppelPaymer ransomware gang. The victims are receiving phone calls and have been threatened to send individuals to their homes if they don’t pay the crypto ransom.

As per a private industry notification alert (PIN), sent by the FBI to private organizations, the Bureau is aware of extortion activities that have been happening since February 2020.

Evgueni Erchov, the Director of IR & Cyber Threat Intelligence at Arete Incident Response said that many ransomware gangs are cold-calling victims if they didn’t receive the ransom. There are gangs such as Sekhmet, Conti, and Ryuk that have been involved in such criminal practices since August. 

FBI PIN issued a number 20201210-001 that provides details about Doppelpaymer’s criminal activity and the sectors on which the group focuses (Healthcare, Emergency Services, and Educational Institutions).

Many tactics, techniques, and procedures are associated with such practices including intimidation through phone calls.

The FBI PIN states, “As of February 2020, in multiple instances, DoppelPaymer actors had followed ransomware infections with calls to the victims to extort payments through intimidation or threatening to release exfiltrated data. In one case an actor, using a spoofed US-based telephone number while claiming to be located in North Korea, threatened to leak or sell data from an identified business if the business did not pay the ransom. During subsequent telephone calls to the same business, the actor threatened to send an individual to the home of an employee and provided the employee’s home address. The actor also called several of the employee’s relatives.”