SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Avast uncovers new scam scaring employees into paying big
Thu, 20th Apr 2023

Avast, a digital security and privacy brand of Gen, has identified a new scam designed to look like it is coming from a ransomware or data extortion cyber gang.

Targets, commonly employees from different companies, receive an email from senders claiming to be from a ransomware group, such as “Silent Ransom” or “Lockffit”, addressing them by their full name.

In the message, they indicate that the company is the victim of a security breach and has had a large amount of information stolen including HR data such as employee records, personal, and medical data.

The cyber criminals ask the employees to contact their managers and let them know about the situation, making clear that they have all the information about their company and their clients - threatening to sell the data to other criminals if they don’t receive a response. To further legitimise the urgency, the hoax scammers mention local regulatory laws for data breaches.

Late last year, the Privacy Legislation Amendment Bill 2022 increased the maximum penalties for serious or repeated privacy breaches from $2.2 million to up to $50 million or 30% of adjusted turnover, in a bid to crack down on businesses protecting their customers’ data.

Stephen Kho, Cyber Security Expert for Avast, says, “To people receiving this email, this can initially appear as an extortion campaign launched by cyber criminals after a genuine data breach. However, all signs indicate that it is simply a scam to scare company decision-makers into paying money to avoid further consequences - such as having data sold on the black market and huge fines.

“Companies want to avoid data breaches and having their customers and clients learn their data has been stolen, which we have seen happening with huge companies like Optus and Medibank and, most recently, Latitude Financial.

“This tactic is similar to what some ransomware groups do to force victims into paying in exchange for not only getting their data back, but to avoid having their confidential information sold or made public. However, with a legitimate ransomware attack, the criminals encrypt the victim’s data first, which makes it clear that the company’s network is breached. In this case, there is no proof offered, which is a clear indication of a ransomware hoax.”

Certain details in these fraudulent emails give away the scam, such as typos in the message or the claim to come from an unknown ransomware group, such as ‘Lockffit’. This is a play on LockBit, a well-known, genuine ransomware that blocks users from computer systems in exchange for ransom.

These emails are most likely semi-automated attacks in which criminals use a database of addresses to send the emails to a list of targets, changing only a few details such as the amount of data stolen and the name of the business. Similar tactics are used in sextortion attacks.

Kho says, “When you get an email like this, there is nothing you need to do. There is no malware involved and your computer, and business, are at no risk.”

Kho provides tips when coming across this scam: 

  • Don't panic. Attackers will always use fear and a sense of urgency to force us to make rushed decisions. Report it to the department of your company that's in charge of IT security and do not respond to the message.
  • If this isn't managed centrally by your IT department, make sure you have your anti-malware solution updated.
  • As a proactive measure, CISOs and IT departments should make sure to inform their employees that this type of scam exists and urge their employees to report it to them when they receive such a message – and in no case respond to it.