Sign in / up

back to article Ransomware crooks now SIM swap executives' kids to pressure their parents

Ransomware infections have morphed into "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant. "We saw situations where threat actors essentially SIM swap the phones of children of executives, and …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Gene Cash Silver badge

    It's the worst day of their career

    Darn. I'm really sad for 'em... now how many times did you tell IT to "sod off, that backup and security stuff's too expensive"?

    If we aren't going to actually charge the gold offices with anything, I guess this is the next best thing.

    16 9 Reply
    1. LybsterRoy Silver badge
      Reply Icon

      Re: It's the worst day of their career

      In some respects I sort of agree with you, but, to wish this on another human being (and I accept that some CxOs aren't) - NO

      1 0 Reply
  2. chuckufarley
    Go

    My Mamma always said...

    ..."Evil is as Evil Does."

    Aristotle said "I have gained this from the Love of Wisdom: That I do of my own free will what others only do because they fear the Law."

    Leon C. Megginson said: "It is not the strongest or the most intelligent who will survive but those who can best manage change.”

    So maybe it's time to change the way we deal with Evil?

    10 0 Reply
  3. Denarius
    WTF?

    old school solutions needed ?

    if its personal data WTH is it online ? Air gap everything that does not have to be online. Further, bastion hosts, data diodes and so on so it becomes obvious when GB of data is going out door and no direct path into organisation exists but snippets for a single users session can be passed thru with validation. Oh, and change company law so CEO and board become personally liable for big data breaches. Nothing catches spreadsheet jockeys attention like their own wallet.

    Lastly, minimal information gathering for the rest of activities. No stored CC. If one is too lazy to type in credit card info and its equivalents, one shouldnt be trusted with an interactive IT device. But that would hurt G%%gl% and facebitch so no hope

    12 0 Reply
  4. Throatwarbler Mangrove Silver badge
    Unhappy

    Craptocurrency

    And there it is, in black and white:

    Criminals now have a "very easy" way of accepting victims' payments, and they are willing to take "any number of options" to force organizations to pay the ransom demand.

    16 0 Reply
    1. DS999 Silver badge
      Reply Icon

      Re: Craptocurrency

      Crypto made ransomware possible. It wasn't a thing previously because "send a box of cash to this address" or "wire money to this overseas account" left the criminals vulnerable to arrest because someone has to pick up the cash and bank accounts can be frozen and the money more easily traced to an actual person.

      It is years past due making ransomware payments the offer of ransomware insurance illegal. Make payment of any type of "ransom" via crypto even more illegal. Yes it will cause some pain when companies get hit in the aftermath of that law and have no way out. But once ransomware criminals can no longer make money doing it, they will move on to different crimes, or focus their ransomware efforts on countries who haven't made ransomware payments illegal (which will likely cause them to follow suit in short order)

      14 0 Reply
      1. anthonyhegedus Silver badge
        Reply Icon

        Re: Craptocurrency

        They'll find some other way. Cryptocurrency only has worth because the criminals involved will accept it, and the exchanges selling it think it's worth something. Anybody can make up a new currency and call it something else. If we redefined cryptocurrency as "investing in a money laundering operation" - which it is - then it would soon all end. But it won't happen.

        8 0 Reply
        1. vtcodger Silver badge
          Reply Icon

          Re: Craptocurrency

          "They'll find some other way"

          Of course they will. Gold or "If you want to see your data again, throw a suitcase containing $1,000,000 in small unmarked bills off the West end of the Tallahatchie bridge at 3:00 am Monday" or any of a couple of dozen other schemes. Ransom has been around a long time and will probably outlast cryptocurrency by many centuries.

          That said, crypto has been around for a decade and a half. if crypto had any merit whatsoever we'd know about it by now. It's only known utility seems to be money laundering, illicit transactions, and scamming those whose greed is greater than their brainpower. Past time to shut it down. How? Tax the hell out of crypto transactions and jail anyone ho tries to avoid the tax. Use the tax revenues for goodly works and substantial finders fees for those who report crypto tax evaders.

          13 0 Reply
          1. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: Craptocurrency

            Do not permit banks and investment companies to legally deal in crypto.

            2 0 Reply
            1. Anonymous Coward
              Reply Icon
              Anonymous Coward

              Re: Craptocurrency

              Oh, young Padawan, much to learn have you! Cryptocurrency eliminates the need for banks & investment companies. Which is why both are scared of it.

              0 4 Reply
  5. cookieMonster
    Pirate

    Nothing like a bit of personal skin in the game

    to focus the mind.

    Before this it was “just customer data”; but now it’s getting personal. Don’t agree with the tactics but at least the asshats in the C-Suite are now getting a taste of what thousands (or millions) of their “customers” suffer.

    NOT sorry for them, at all.

    7 2 Reply
  6. cantankerous swineherd

    having had a big business set the dogs on me for a debt I hadn't incurred, I'm all out of sympathy.

    8 0 Reply
  7. ChoHag Silver badge

    > digital crime has evolved from something that was primarily a problem for banks and the retail industry, to a problem that affects all sectors of the economy.

    Surprise!

    6 0 Reply
  8. Anonymous Coward
    Anonymous Coward

    If I received one of these calls,

    it would make me a lot LESS likely to pay the ransom. I might be convinced to pay the same amount to someone else to get the ransom attempts to stop, and not be particularly picky about how they go about it (as long as they didn't pay the ransomer)...

    4 0 Reply
  9. DMcDonnell

    Little child indoctrination

    Get them young. Addict them to the cellphone when they is young! Disturbing and disgusting to be sure!

    1 3 Reply
  10. Blackjack Silver badge

    Is stuff like this why some people give small kids tablets instead of phones.

    2 0 Reply
  11. Tron Silver badge

    Not as one sided as it seems.

    These gangs are targeting rich and powerful people. Rich and powerful enough to pay tech guys to find them and contract killers to end them.

    Incidentally, the police can and do retrieve crypto. Wouldn't surprise me if the NSA or CIA ran a crypto exchange as well as a VPN.

    1 2 Reply
    1. Marty McFly Silver badge
      Reply Icon
      Boffin

      Re: Not as one sided as it seems.

      Just exactly how do the police "retrieve crypto"??

      There is only one way - if the private key or seed phrase was not properly secured. The police confiscate a device. They go through it forensically. If the private key has been stored insecurely, then they are able to retrieve the crypto. Put a private key in off-line cold storage with a Trezor or Ledger and it is game over for the police.

      Whatever you do, don't ever store significant amounts of crypto currency on an exchange. That is no different than a bank, and yes the police can retrieve that crypto with a court order. Not your keys, not your coins.

      Heck, memorize the seed phrase and delete all your crypto currency wallets. Risky, as the crypto currency will be lost when you cease to function or your memory fails. But there is no way the police, NSA, or CIA are going to get the funds.

      There is no law enforcement backdoor in to crypto currency. That is false information.

      0 0 Reply
  12. MachDiamond Silver badge

    Target schools?

    I'm past breeding age so no kiddies in school. Do the schools collect the information on the kid's phones (name, tel num, etc) and put that in a dB with laughable security? Bad Guys® could target schools where ViPs kids attend and collect up all of that info. It takes many years to build up a good cynical outlook so kids are often free about handing out information they shouldn't in the first place so there's another route(s) to them. Couple all of that with a tendency towards text over a conversation and it can be much easier to spoof kids. They'll know their parents voices, but text messages can be a letter salad.

    1 0 Reply
  13. Paul Hovnanian Silver badge

    Personally, I blame ...

    ... eSIMs. SIM-swapping used to require the exchange of a small bit of hardware. Which could, to some extent, be tracked to an individual or delivery address. Now it can all be done on line with essily available programming software.

    2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like