Insiders Can Be Recruited And Coerced

“Wanted—disgruntled employees to deploy ransomware.”

The above statement may seem like a joke job posting, but let me assure you that this sort of blatant advertising for help in committing cybercrime is a common occurrence.

You can find them on social media sites, forums and the dark web. Hidden behind anonymous usernames and VPNs and in countries with little or no interest in catching them, criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. The promise of life-changing sums for running a program on a work computer can be very tempting for staff who are disengaged and have difficult personal circumstances.

Anyone who has read about ransomware will know that it completely disables a company’s computer system until a ransom is paid. Even the most demanding ransom is rarely as costly as the downtime and chaos that ensues once the program takes hold.

In recent years, cyber criminals have taken this nefarious method even further in order to generate even greater sums and place additional pressure on their targeted victim. Firstly, they will exfiltrate corporate data and sell it on the dark web, or failing that, they will expose it globally to weaken the company. In devastatingly shrewd fashion, they then reach out to the victim’s clients and pressure them, too, insisting that their data will also be exposed if the victim doesn’t pay the ransom.

It’s not just social networksthat are targeted for these brazen attempts to recruit conspirators. The reach of the web and the ease of collating data means that cyber criminals have no issue emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

No matter the methods, cyber criminals trolling for disgruntled employees are hardly a new development.

Organisations have long been worried about the very real threat of disgruntled employees creating identities on darknet sites and then offering to trash their employer’s network for a fee. The potential damage that could be caused doesn’t bear thinking about. Banking systems, life support systems, emergency services, nuclear weapons, personal data—the list of potential targets is endless.

Why Does Cybercrime Work So Well?

There are two main reasons why cybercrime is so attractive to criminals. Anonymity is the first. Given the nature of computer systems, it is possible to extract data or launch an application without the company knowing exactly who did it. You can log into someone else’s account and you don’t even need to be in the building. Furthermore, in certain countries these criminals know they are much harder to find and won’t face charges.

In today’s working climate, it is much easier to approach a potential candidate for coercion or blackmail while they are away from the office. Working from home has become far more common. Sadly, for organisations and the people in them, it means that the human connection is being eroded away. If it was hard to spot behaviour changes in the office before, how much harder will that be when you only see colleagues in a Zoom chat?

The other factor is that cybercriminals receive extreme rewards. One successful attack can generate millions of dollars. The scale of the reward is such that they will try all kinds of different ways to reach the same end.

Coercion, blackmail, phishing may all be attempted to extract value and ransom from a company. Criminals will perform multiple attempts because there is no physical harm and the tools used to complete the attack are easily available.