Security News > 2021 > August > Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits

Researchers have discovered a Nigerian threat actor trying to turn an organization's employees into insider threats by soliciting them to deploy ransomware for a cut of the ransom profits.

"In this latest campaign, the sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom," researchers wrote in a report published Thursday about the campaign.

"The employee is told they can launch the ransomware physically or remotely."DemonWare, a Nigeria-based ransomware group, has been around for a few years.

Researchers continued to communicate over five days with the threat actors as if they were willing to be a part of the scam.

"Throughout the conversation, the actor repeatedly tried to alleviate any hesitations we may have had by ensuring us that we wouldn't get caught, since the ransomware would encrypt everything on the system," researchers said.

"It is always important that ransomware victims try their best to track down how the ransomware got into their environment," Roger Grimes, data-driven-defense analyst at KnowBe4.

News URL

https://threatpost.com/nigerian-solicits-employees-ransomware-profits/168849/