Most IT executives and employees in the US have been asked to assist in ransomware attacks

Daniel Sims

Posts: 402   +17
Staff
In brief: An increasing number of IT executives and employees have received offers to become insiders in ransomware attacks. A study and report highlight the need for both external and internal IT security measures.

Hitachi ID recently published the results of its latest survey of North American businesses on ransomware attacks. In it, 65 percent of respondents say hackers have approached them or their employees to help carry out ransomware schemes on their own companies. According to Hitachi, it's a 17-percent increase from a November 2021 survey. Only 27 percent of those polled said they had never been approached, and eight percent answered "unsure."

The attackers try to bribe prospective insiders with payments in cash or Bitcoin, usually amounting to $500,000 or less, but a small percentage are offered over a million. About half report the bribe attempt to federal law enforcement, while 18 percent report them internally and externally. Thirty-eight percent of overall respondents said their companies had been hit with ransomware. Of those who said attackers had approached them with bribes, almost half said they later became victims of ransomware attacks.

Most attacker requests—59 percent—come through email, while the rest are via phone calls and social media. Half of the respondents in the survey said they are equally concerned about internal and external security threats, while a little more than a third said they’re only worried about external threats.

Permalink to story.

 

veLa

Posts: 1,158   +815
Oh they do assist, in their own way, by opening obviously fake phishing emails.
 

Paul Deemer

Posts: 25   +19
Attacking corporations and critical infrastructure in the U.S. should be considered Terrorism and come with a mandatory death sentence. If any country hides them put sanctions on them until they give them up. Cyber warfare is the next battleground. You don't take prisoners when the enemy is launching torpedos and missiles at you in a naval battle. You destroy them before they sink you. Why should hackers trying to destroy our country be any different?
 

erickmendes

Posts: 653   +294
Attacking corporations and critical infrastructure in the U.S. should be considered Terrorism and come with a mandatory death sentence. If any country hides them put sanctions on them until they give them up. Cyber warfare is the next battleground. You don't take prisoners when the enemy is launching torpedos and missiles at you in a naval battle. You destroy them before they sink you. Why should hackers trying to destroy our country be any different?

Would you apply that same rule to americans doing internal attacks in american corporations too?