The FBI and CISA (Cybersecurity and Infrastructure Security Agency) have moved to alert the public to the fearsome ransomware Scattered Spider.
Although it has been active for some time, it is surprising cybersecurity experts with its sophistication and, specifically, with its advanced use of social engineering techniques.
The ransomware in question has already affected some large American companies and has proven to be quite advanced, exploiting phishing and push bombing techniques that have shown a high rate of effectiveness.
To make the situation even more critical, the attackers who use Scattered Spider sometimes also run other ransomware (such as that offered by the BlackCat group) during their illegal activities.
Once cybercriminals gain access to a compromised system, they use legitimate software to exfiltrate files from the device. The technique is as simple as it is effective, because the transfer of information is not perceived as a suspicious action by protection tools.
Social engineering and ransomware: a potentially devastating combination
Social engineering techniques exploit the explosive mix of IT technologies and the human psyche.
By relying on certain tactics, cybercriminals force the user to download and run a certain file or to fill out a form with their personal data. Applied to a context as delicate as that of current ransomware, this can be devastating.
With respect to Scattered Spider and similar threats, the FBI and CISA ask victims not to pay the ransom demanded. Paying, in addition to not guaranteeing the actual return of the stolen information, does nothing but encourage this type of crime.
Regarding this specific malicious campaign, experts explain that it is important to identify any “symptoms” of the infection in time. An unsolicited email requesting verification of an account related to Microsoft Teams or Slack, for example, can be an early sign of suspicious activity.
Both agencies also advise companies to review their security plans and prepare adequate security protocols.