Groups of cybercriminals are looking for profiles capable of finding information, negotiating and putting pressure on victims of cyberattacks, particularly big bosses.
The largest groups of cybercriminals – such as Lockbit, ALPHV, Play – operate today like real companies, with a hierarchy, responsibilities, objectives, but also after-sales service and specialized departments to keep the machine running. In doing so, these groups sometimes need very specific profiles.
Talents that must be sought out, as noted by cyber threat analyst 3xp0rt. He noted that one of these gangs specializing in ransomware, HelloGookie (formerly HelloKitty) is looking for its next “negotiator”. On X (formerly Twitter), 3xp0rt published the job offer he found on a hacker forum:
“ I am looking for a person who can call to overcome this devil who does not want to pay for the work of others », We can read in the recruitment message. Understand: the boss who refuses to pay the ransom demanded by the hackers. In short, a skill that cannot be found on just any CV.
The skills required for this position are:
- Push the right person into paranoia;
- Be able to communicate in English;
- Work with Google / LinkedIn, to find the right people and their information.
The proposed salary is up to $50,000, with a bonus if the victim ultimately gives in. “ We look forward to having you on our happy team », concludes the cybercriminal.
Find personal information about the victim
What does this announcement tell us? First, that groups specializing in ransomware do not abandon the methods they have been practicing for almost four years, namely the theft and blocking of data, then blackmail to put pressure on the victim.
Negotiators ready to destabilize business leaders have joined the pirate teams and are responsible for speaking on behalf of the gang that employs them. A brief message from the Conti collective was also published on YouTube in which we hear a woman with an Eastern European accent. Female voices are regularly sought after by ransomware groups.
These spokespersons for digital crime must not just be eloquent. Their mission is also to seek information about their potential interlocutor to play on their anxiety. Analyst 3xp0rt tells us that they are responsible for “ terrorize employees and their loved ones, thereby putting pressure on their decisions. REvil, DarkSide, Conti, etc. they all did it. They use social engineering to put pressure on the employer. »
A lot of personal information can be found online, by searching social media or company sites. Cybercriminals can then exploit them for their own benefit, directly attacking the employer’s private life.
The drop in ransom payments has also encouraged hackers to show increased determination, not hesitating to directly call the customers of the affected company. Some groups even went so far as to post photos of naked patients from a hospital that was the victim of a cyberattack. The most zealous negotiators are truly willing to do anything for their bonus.
If you liked this article, you will like the following: don’t miss them by subscribing to Numerama on Google News.