Blog Post

Cybercriminals Target Disgruntled Employees to Deploy Ransomware

Louisville Geek • Aug 27, 2021

How do businesses protect themselves?

(Louisville Geek | August 27, 2021) -- Picture this scenario. 


William is an intelligent, up-and-coming 32-year-old IT technician. For the past three years, he’s overseen the organization’s migration to the cloud. Even though he’s passionate about IT, he’s become increasingly frustrated with the leadership. He doesn’t trust their vision for the company, plus he feels he’s underpaid and undervalued. 


One day the vice president lashes out at him in front of the entire team for something that wasn’t even his fault. He decides ‘enough is enough’ and begins polishing his resume. He starts skimming job boards, updates his LinkedIn profile, and sends a few feeler messages to his network notifying them that he’s looking for a new job. 


Then, out of the blue, he receives the following email message: 

Translation: 

William, are you interested in making some money before you leave the company? If so, all I need you to do is install a file on your company server. We will lock up their files and request a $400,000 ransomware fee. To compensate you for your efforts, we will pay you 40% of whatever we receive in BTC. Let me know if you are interested. 


Real Threat 

The scary thing is this: there are ransomware groups acting out this very scenario all over the globe. And, while multi-million-dollar ransomware payments are dominating the headlines, the biggest financial losses tied to cybercrime each year stem from social engineering tactics just like this. These are called Business Email Compromise (BEC) or CEO Scams (where cybercriminals impersonate the organization’s CEO), and according to the latest figures released by the FBI, the reported loss from these threats increased to $1.86 billion in 2020. 


The concept of a disgruntled (or not) employee as a cybersecurity threat isn’t new. In April 2020, a Tesla employee was approached by a member of a Russian ransomware gang who offered the employee $1 million to install malware on the Tesla network. Luckily for Tesla, the employee rejected the offer and instead alerted his employer, which in turn alerted the FBI. The Russian citizen, Egor Igorevich Kriuchkov, was arrested in Los Angeles as he was trying to flee the country. 

How do cybercriminals find their targets?
Cybercrime is a business, and often the perpetrating criminals mirror the practices of legitimate organizations to find, profile, and connect with targets they view as high value. Social media platforms such as LinkedIn and Facebook are goldmines for cybercriminals, especially when most users overshare everything. In the example above, the bad actor most likely identified his targets on LinkedIn based on their job title (CIO, Systems Engineer) and industry (healthcare). Then, they probably wrote a script sending notifications when these profiles are updated (e.g., looking for a new job) and the rest is history.

Protecting Your Business from Profiling and Social Media Engineering
Data has replaced oil as the world’s most valuable commodity. When you consider that the entire business model of social media revolves around collecting data to sell on to advertisers, it’s easy to understand how advantageous social media is for cybercriminals. Here are some ways we recommend protecting your business from these types of attacks. 
  •    Ensure two-factor authentication is applied on all apps, tools, and logins.
  •  Educate your employees about the latest cybersecurity trends and threats and to be mindful about what they post on their own social media accounts. 
  •  Inform your employees about the responsible use of social media. Let them know that this is not only for the organization’s sake, but for theirs as well. 
  •  Ensure that your organization has an offboarding plan that revokes access to any employee leaving the company. 
Final Thoughts 
Even though disgruntled employees are something to be mindful of, keep in mind loyal employees also experience these types of socially engineered tactics on a regular basis. Our best advice is to continuously train your employees about the threats that exist and how to respond to potential incidents. 
 By: Ben Lawrence, Managing Partner at Louisville Geek  (Louisville Geek is a silver sponsor of FEI Louisville).

JOIN FEI TODAY

Join the association of choice for Louisville's financial leaders.  
JOIN TODAY

OUR GOLD SPONSORS

More FEI Louisville News

Steve Klasskin, new FEI member

By Terry McWilliams 06 May, 2024
Please welcome Family Allergy & Asthma's CFO to our organization of financial executives

Benchmarking Sustainability Efforts

By FEI National 26 Apr, 2024
Climate reporting is happening

Accolades, trophies and certificates

By President's Column: Jim Schildt 19 Apr, 2024
Who do you associate with?

Expect fewer interest rate cuts this year

By Uric Dufrene 19 Apr, 2024
The catalyst: higher than expected inflation

President's Corner - 10 Critical AI Impacts on Accounting and Finance

By Jim Schildt 25 Mar, 2024
Jim Schildt's view of where AI will influence the accounting and finance landscape

Get to Know: Michael Chase

21 Mar, 2024
Q&A with New FEI Director-at-Large

Welcoming new members Chris Taft and Kevin Trotta

By Terry McWilliams 07 Mar, 2024
The latest CFOs to join FEI Louisville

Tracking trends in audit fees

By William Stout 19 Feb, 2024
FEI members can readily access the FERF study

President's Corner - Handling Workplace Stress

By Jim Schildt 09 Feb, 2024
Strategies to cope with stress

Uric Dufrene weighs in on Meta's $800 million Indiana project

07 Feb, 2024
Business First taps Dufrene for comment
More Posts
Share by: