fbpx
perm_phone_msgConsider your business risks? Chat With US

Ransomware Attackers Offer Holiday Discounts and Greetings

Ransomware BCyber todayJanuary 3, 2020 25

Background
share close

To celebrate the holidays, ransomware operators are providing discounts or season’s greetings to entice victims into paying a ransom demand.

As ransomware operators look at their organizations as a business, it is not surprising to see them offering discounts or season’s greetings to their victims.

Such is the case with the Sodinokibi Ransomware (REvil) who MalwareHunterTeam noticed had changed their ransom note over the holidays to include a new message wishing the victims a “Merry Christmas and Happy Holidays”.

REvil Holiday Ransom Note
REvil Holiday Ransom Note 

The REvil ransom note goes on to suggest that instead of being stressed over the holidays, victims should pay the ransom so that they “have a great opportunity to enter the new year, leaving all the bad in the outgoing year. I advise you to write to us as soon as possible and not waste your precious time that you can spend with your family.”

I am not sure this will have much effect on getting a victim to pay, but it does add a psychological impact to those who have to deal with them during the holidays.

Maze offered a holiday discount

The Maze operators took it a step further with their holiday celebrations by offering a discount to victims.

In a message to BleepingComputer, the Maze operators stated that they were offering a 25% discount if victims paid between December 25th and December 31st.

“We give 25% discount from 25-th december til 31-th December (included) for those who pays in this period of time. Merry christmas.”

It is not known if they applied this discount retroactively to all of their victims, contacted them via the chat service, or some other means.

As part of a “new year celebration”, the Maze operators have also told BleepingComputer that they are discounting the City of Pensacola’s ransom to $500,000 and will no longer share their documents.

“Due to the upcoming new year celebration, we decided not to publish the Pensacola city private information and delete their data completely from our servers, but the article will remain on our news site. We are making a discount of 500 000 USD for them, after the payment, we will remove the article from our news site and give them decryptors,” the Maze operators told BleepingComputer.

It is BleepingComputer’s understanding that the City has no intention of paying the ransom.

Don’t pay, but if you have to, always negotiate

The general rule is that ransomware victims should never pay a ransom as it only encourages this type of  criminal behavior. Instead, users should restore files through backups or by recreating the data.

At the same time, recovering data may not always be an option and businesses are forced to make a ransom payment.

While the holidays have come and gone, if you decide to pay the ransom, make sure to negotiate with the ransomware operators as almost all of them are known to accept lower payments than initially demanded.

If you do not feel comfortable negotiating the payment yourself, you can use a trusted ransomware negotiation service like Coveware to handle this for you.

This content was originally published here.

Written by: BCyber

Rate it
Previous post

Similar posts

Ransomware BCyber / October 19, 2020

Ad-light, Malware-heavy # Chris Dzombak

Ad-light, Malware-heavy Since December 17, Forbes has been running an experiment wherein some fraction of visitors who are running ad blockers are blocked from accessing Forbes articles until they disable their ad blocker. In exchange, Forbes promises an “ad-light experience”: A Forbes article published yesterday claims that this interstitial resulted in 42.4% of visitors turning ...

Read more trending_flat