A Nigerian man has been arrested after establishing a plan to entice employees to implement ransomware on their employers’ systems.
Security expert Brian Krebs reported yesterday, Monday, November 22, that Oluwaseun Medayedupine was arrested by Nigerian authorities on Friday.
The suspect is believed to be linked to a “rescue his employer” case, which was analyzed by Abnormal Security in August.
Clients of the cybersecurity firm received emails with the subject line “Affiliate Offer”, requesting that the recipient consider becoming an accessory to a cyber attack.
The emails offered a 40% reward on a hypothetical $ 2.5 million bitcoin (BTC) ransom. The message instructed recipients to install DemonWare ransomware on their employer’s system.
Interested parties were provided with a Microsoft Outlook email address and a Telegram ID. Researchers at Abnormal Security responded to the offer under the guise of a fictitious identity and confirmed that they had received a ransomware executable hosted on two file-sharing websites.
Information collected on LinkedIn
However, the share of the proposed loot was reduced to between $ 120,000 and $ 250,000 once the team began communicating with the program operator. The team suspected that the initiative could be of Nigerian origin. When asked, the author of the campaign explained that he was trying to create a social network for Africa, called Sociogram. He shared his LinkedIn profile with his full name.
The hacker specifies that it “collects your targeting information from LinkedIn, which, in addition to other business services that sell access to similar data, is a common method used by criminals to obtain employee contact information,” explains Abnormal Security. ” […] He originally intended to send his targets, all the top executives, phishing emails to compromise their accounts, but after failing, he resorted to this ransomware offering. “
Oluwaseun Medayedupine then contacted Brian Krebs after his report, requesting that the Sociogram name be removed. At the same time, it does not confirm or deny the Abnormal Security investigation. Another message followed, through a domain registrar, calling “Mr. Krebson” an “influence broker”.
Woodmart Theme Nulled, WP Reset Pro, Newspaper 11.2, Newspaper – News & WooCommerce WordPress Theme, Premium Addons for Elementor, Rank Math Seo Pro Weadown, WeaPlay, WordPress Theme, Plugins, PHP Script, Jannah Nulled, Elementor Pro Weadown, Woocommerce Custom Product Ad, Business Consulting Nulled, Jnews 8.1.0 Nulled, Avada 7.4 Nulled, Nulledfire, Dokan Pro Nulled, Yoast Nulled, Flatsome Nulled, PW WooCommerce Gift Cards Pro Nulled, Astra Pro Nulled, Woodmart Theme Nulled, Slider Revolution Nulled, Wordfence Premium Nulled, Elementor Pro Weadown, Wpml Nulled, Consulting 6.1.4 Nulled, Fs Poster Plugin Nulled