Ransomware Groups Turn to Social Media

November 15, 2020

Ransomware groups are becoming increasingly sophisticated in their attempts to extort the businesses they target. Their latest technique is to use social media (Facebook) to let their victims know that their information is about to be released into the wild.

On October 9th, the Ragnar Locker Team compromised a Facebook account that didn’t have 2FA enabled. The Ragnar Locker Team purchased $500 in ads to advertise that they were negotiating an extortion payment.

This is the first time that I have seen this type of campaign, and I am sure it will not be the last. Luckily for the hacked Facebook account, Facebook noticed fraudulent behavior pretty early after the ad campaign generated 770 clicks and reached around 7,000 Facebook users.

I’m thinking that the logical next step for extortion groups would be to pivot to other social media platforms such as Twitter and Instagram. I can imagine one day in the very near future that a group with a much bigger budget could really do some damage and blast ads to all the social media platforms. It’s a truly scary thought that ransomware groups have taken this novel approach to victim shaming.

My recommendation remains that if you run an account on social media, you have, at a bare minimum, 2FA enabled. My other recommendation is to contact the FBI as soon as possible if you are the victim of a ransomware campaign.
