When a hacker called the company his gang claimed to be hacking, he felt the same way most of us feel when we call the front desk: frustrated.
The phone call between the hacker, who claims to represent the DragonForce ransomware gang, and the employee of the victim company was published by the ransomware gang on its dark web in an apparent attempt to pressure the company to pay a ransom. In fact, the call recording just shows a somewhat hilarious and failed attempt to blackmail and intimidate a company’s employees.
The recording also shows how ransomware gangs are always looking for different ways to intimidate the companies they hack.
“It is increasingly common for threat actors to make contact via telephone and this should be factored into organisations’ response plans. Are we engaged or not? Who should be involved? You don’t want to be making those decisions while the threat actor is listening to your music, said Brett Callow, threat analyst at Emsisoft.
In the call, the hacker asks to speak to the “management team.” Instead, two different employees put him on hold until Beth, from HR, answered the call.
“Hi Beth, how are you?” said the hacker.
After a minute in which the two struggle to hear each other, Beth tells the hacker that she is not familiar with the data breach the hacker claimed. When the hacker tries to explain what’s going on, Beth interrupts and asks, “Now, why would you attack us?”
“Is there a reason you chose us?” Beth insists.
“You don’t have to interrupt me, okay? I’m just trying to help you,” the hacker replies, growing increasingly frustrated.
The hacker then explains to Beth that the company she works for only has eight hours to negotiate before the ransomware gang releases the company’s stolen data.
“It will be published for public access and used for fraudulent activities and terrorism by criminals,” says the hacker.
“Oh, okay,” Beth says, seemingly unfazed and not understanding where the data will be.
“So it will be in X?” Beth asks. “So is this Dragonforce.com?”
The hacker then threatens Beth, saying they will start calling the company’s customers, employees, and partners. The hacker adds that they have already contacted the media and provided a recording of a previous call with one of her colleagues, which is also on the gang’s dark website.
“So this includes a conversation with Patricia? Because you know, that’s illegal in Ohio,” says Beth.
“Excuse me?” the hacker replies.
“You can’t do that in Ohio. Did you record Patricia?’ Beth continues.
“Madam, I am a hacker. I don’t care about the law,” the hacker replies, growing increasingly frustrated.
The hacker then tries once more to get Beth to negotiate, to no avail.
“I would never negotiate with a terrorist or a hacker as you call yourself,” Beth replies, asking the hacker to confirm a good phone number to call them back.
When the hacker says they “don’t have a phone number,” Beth has had enough.
“Okay, well, I’m going to go ahead and end this call now,” he says. “I think we spent enough time and energy on it.”
“Well, good luck,” says Beth.
“Thanks, be careful,” says the hacker.
The company allegedly breached in that incident, which TechCrunch is not naming to avoid helping hackers extort the company, did not respond to a request for comment.
Read more at TechCrunch:
