Hackers bribing employees, vendors to deploy ransomware

October 2021 employment law letter

Authors:

Kelly Campbell and Howard R. Feldman, Whiteford, Taylor & Preston, L.L.P.

With ransomware attacks up by more than 150% in the first half of 2021, there seems to be no limit to the methods criminal hackers will use to deploy ransomware or otherwise cause cyber mayhem. Their latest trick: hiring your employees and vendors to help them.

Employees tempted with a cut of the haul

Hackers have been known to send phishing e-mails with malicious attachments, deviously infiltrate remote desktops, and exploit any other security weaknesses they can find to gain access to your network. Additionally, what’s to stop them from simply bribing your employees or vendors to help them deploy ransomware? Nothing.

In a recent post, Crane Hassold, director of threat intelligence at Abnormal Security, explained the employee-assisted method of cyberattack in captivating detail. His team members intercepted and blocked e-mails from a fraudster who solicited their client’s employees for assistance in installing ransomware into their employers’ networks in exchange for a percentage of the ransom.

The fraudster admitted using publicly available contact information, such as that found on LinkedIn, to identify employees to target for the scheme and tried to assuage any concerns the individuals might have about getting caught with misleading or incorrect information.

What employers can do

Continue reading your article with a HRLaws membership