When a hacker called the company his gang claimed to have breached, he felt the same feeling most of us feel when calling the front desk: frustrated.
The phone call between the hacker, who claims to represent the DragonForce ransomware gang, and the employee of the victim company was published by the ransomware gang on its dark website in an apparent attempt to put pressure on the company to pay a ransom demand. In reality, the recording of the call simply shows a somewhat hilarious and failed attempt to extort and intimidate a company’s rank-and-file employees.
The recording also shows how ransomware gangs are always looking for different ways to intimidate the companies they hack.
“It is increasingly common for threat actors to initiate contact by telephone, and this should be factored into organizations’ response plans. Should we commit or not? Who should get involved? You don’t want to make these decisions while the threat actor is listening to your hold music,” said Brett Callow, threat analyst at Emsisoft.
During the call, the hacker asks to speak to the “management team.” Instead, two different employees put him on hold until Beth from HR answered the call.
“Hi, Beth, how are you?” said the hacker.
After a minute of the two struggling to get along, Beth tells the hacker that she is unaware of the data breach claimed by the hacker. When the hacker tries to explain what’s happening, Beth interrupts and asks, “Now why would you want to attack us?”
“Is there a reason you chose us?” Beth insists.
“No need to interrupt me, okay? I’m just trying to help you,” replies the hacker, increasingly frustrated.
The hacker then explains to Beth that the company she works for only has eight hours to negotiate before the ransomware gang releases the company’s stolen data.
“It will be released for public access and will be used by criminals for fraudulent activities and terrorism,” the hacker said.
“Oh, okay,” Beth said, seemingly perplexed and not understanding where the data was going to be.
“So it will be on X?” » asks Beth. “So this is Dragonforce.com?”
The hacker then threatens Beth, telling her that he will start calling the company’s customers, employees, and partners. The hacker adds that they have already contacted the media and provided a recording of a previous call with one of his colleagues, which is also on the gang’s dark web site.
“So that includes a conversation with Patricia?” Because you know, it’s illegal in Ohio,” Beth says.
“Excuse me?” replies the hacker.
“You can’t do that in Ohio.” Have you registered Patricia? Beth continues.
“Madam, I am a hacker. The law doesn’t interest me,” replies the hacker, even more frustrated.
The hacker then tries once again to convince Beth to negotiate, in vain.
“I would never negotiate with a terrorist or a hacker like you call yourself,” Beth responds, asking the hacker to confirm a good phone number to call back.
When the hacker says he “doesn’t have a phone number,” Beth has had enough.
“Alright, then I’m just going to go ahead and end this phone call now,” she said. “I think we’ve spent enough time and energy on this.”
“Well, good luck,” Beth said.
“Thank you, be careful,” the hacker said.
The company allegedly hacked in this incident, which TechCrunch is not naming so as not to help hackers extort the company, did not respond to a request for comment.
Read more on TechCrunch:
techcrunch
