A concerning trend has emerged, revealing the extent to which criminals perpetrating ransomware attacks are willing to go to extract money from their victims. Charles Carmakal, CEO of Mandiant, now under Google’s ownership, highlighted one such alarming scenario during the Google Security Threat Intelligence Panel at the RSA Conference in San Francisco.
According to Carmakal, the situation has escalated as cybercriminals resort to SIM swapping, a technique involving the unauthorized transfer of a victim’s phone number to a new SIM card, to target children’s phones. Subsequently, they use these compromised devices to contact the children’s parents and issue threats to coerce them into paying ransom.
This tactic is a form of psychological manipulation aimed at pressuring victims into compliance. One particularly sinister approach involves calling corporate executives from their children’s phone numbers and threatening dire consequences unless a ransom is paid promptly.
Termed Caller ID Spoofing, this method involves cloning a victim’s SIM card to impersonate them and make fraudulent calls. Cybercriminals fabricate convincing narratives to intimidate victims, leveraging emotional connections to increase the likelihood of ransom payment, often in cryptocurrency.
Imagine the distress of receiving a call seemingly from your child while engrossed in a meeting. The psychological impact of such a scenario can tilt the odds in favor of the hacker, compelling the victim to pay to safeguard their child’s privacy.
In typical ransomware attacks on mobile devices, attackers steal contacts and threaten to expose sensitive information such as photos, messages, and contacts unless a ransom is paid. However, in attacks targeting corporate environments, C-level executives become prime targets for Caller ID spoofing tactics.
In addition to the threat posed by encrypted databases, the risk of stolen data being leaked online looms large in such attacks. Seeking assistance from law enforcement and adhering to cybersecurity experts’ recommendations to mitigate these risks remains the most viable solution.