Ransomware gang plans to call victim’s business partners about attacks

The ransomware group known as REvil or Sodinokibi has adopted two new strategies to guarantee success in extorting ransom money from its victims, including conducting DDoS attacks and voice calling victims and their business partners, according to Bleeping Computer. The group in February announced a recruitment drive for hackers with knowledge of these procedures, which include Layer 3 and Layer 7 DDoS attacks and voice scrambled VOIP calls to journalists and victims’ partners, with the intent of putting more pressure on victims to pay the ransom, and the operation officially announced plans to use these tactics last week. REvil is providing the voice calls as a free service to affiliates and the DDoS attacks as a paid service. REvil’s ransomware-as-a-service attacks typically earn the group between 20-30% of the ransom money, while the remaining 70-80% go to affiliates. Several other ransomware operations have started to conduct DDoS attacks against victims as part of their operations, including SunCrypt and Ragnar Locker, and the ransomware group Avaddon in January.