Ransomware operators are cold-calling victims that attempt to recover via backup

Ransomware operators have devised a new strategy for turning up the heat on companies that refuse to pay the ransom fee after an attack.

According to a ZDNet report, multiple ransomware groups have begun to call up companies they suspect of attempting to recover from an attack via an offline backup.

Ransomware groups that have been seen to use the tactic so far include Sekhmet, Maze, Conti and Ryuk, an Emsisoft spokesperson told ZDNet. 

According to the CEO of Coveware, meanwhile, the groups could be using the same outsourced call center to conduct the calls, mostly because the templates and scripts were “basically the same” across all the variants.

"We are aware of a 3rd party IT company working on your network. We continue to monitor and know that you are installing SentinelOne antivirus on all your computers. But you should know that it will not help," the caller allegedly says.

"If you want to stop wasting your time and recover your data this week, we recommend that you discuss this situation with us in the chat or the problems with your network will never end."

Victims have said the callers spoke in heavily accented English, leading them to conclude that they likely weren’t from an English-speaking country.

Ransomware operators have been changing their tactics and adapting to new environments swiftly. When organizations began to keep backups, criminals started downloading sensitive files before encrypting systems, and threatening to release the data online if victims did not comply.