When a hacker called the company his gang claimed to have hacked, he felt the same feeling most of us feel when calling the front desk: frustration.
The phone call between the hacker, who claims to represent the DragonForce ransomware gang, and the victim company employee was posted by the ransomware gang on its dark web site in an apparent attempt to pressure the company into paying a ransom demand. In fact, the call recording shows just a laughable and somewhat unsuccessful attempt to blackmail and intimidate ordinary company employees.
The recording also shows how ransomware gangs are always looking for different ways to intimidate the companies they hack.
“It is becoming increasingly common for threat actors to communicate via phone, and this needs to be factored into organizations' response plans. Should we engage or not? Who should engage? Emsisoft Threat Analyst Brett Callow said: “You don't want to be making these decisions while the threat actor is listening to your music.”
In the call, the hacker asks to speak with the “management team.” Instead, two different employees put him on hold until Beth, from HR, answered the call.
“Hi Beth, how are you?” said the pirate.
After a minute in which the two had difficulty hearing each other, Beth told the hacker that she was unaware of the data breach the hacker claimed. When the hacker tries to explain what's happening, Beth interrupts him and asks, “Now, why are you attacking us?”
“Is there a reason you chose us?” Beth insists.
“No need to interrupt me, okay?” “I'm just trying to help you,” the intruder replies, becoming increasingly frustrated.
The hacker then proceeds to explain to Beth that the company she works for has only eight hours to negotiate before the ransomware gang releases the stolen company data.
“It will be published for public access, and will be used for fraudulent and terrorist activities by criminals,” the hacker says.
“Oh, okay,” Beth says, looking confused and not understanding where the data is going to be.
“So it will be on X?” Beth asks. “So is this Dragonforce.com?”
The hacker then threatened Beth, saying that they would start contacting the company's customers, employees, and partners. The hacker adds that they have already contacted the media and provided a recording of a previous call with one of her colleagues, which is also on the gang's dark web website.
“Does that include a conversation with Patricia? Because you know that's illegal in Ohio,” Beth says.
“Excuse me?” The hacker responds.
“You can't do that in Ohio. Did Patricia sign up?” Beth continues.
“Ma’am, I’m a hacker. I don’t care about the law,” the hacker replies, growing increasingly frustrated.
The hacker then tries again to get Beth to negotiate, but to no avail.
“I would never negotiate with a terrorist or a hacker as you call yourself,” Beth responds, asking the hacker to confirm a good phone number to call him back.
When the hacker said they “didn't have a phone number,” Beth was satisfied.
“Okay, I'll go ahead and end this phone call now,” she says. “I think we've spent enough time and energy on this.”
“Well, good luck,” Beth says.
“Thank you, take care,” the hacker says.
The company that was allegedly hacked in this incident, which TechCrunch did not name so as not to help the hackers extort the company, did not respond to a request for comment.
Read more about TechCrunch: