Impersonation is a tactic used by many cybercriminals to make their digital shenanigans successful. The social engineering exploits they use consist mostly of impersonation. Recently, a cyber defense company detected that Shade ransomware operators are impersonating the Russian oil and gas company NGK Slavneft to distribute the cryptovirological payload.
The Ransom Note Directs Victims to the Dark Web
Shade ransomware was primarily designed to target Russian users, which is why its operators have written the ransom note in Russian instead of English. According to a translation of the note, the attackers give users a Dark Web link to follow for further correspondence. The note does not mention the amount the Shade operators are demanding in exchange for ransomware removal.
By impersonating a well-known oil and gas company, Shade operators have expanded the scope of their activity. They can now target a long list of organizations that could have any working relationship with an oil and gas entity. They also play well on the psychological front: a lot of curious users will click to download the file named ‘Order Detail’ without giving it a second thought.
Right now, there are no details available on the number of victims affected by this latest impersonation by the Shade operators.
Shade Operators Have Started the Year with a Bang
This month, in addition to this impersonation campaign, Shade operators are targeting Russian-speaking users through similar email attachments, as reported by Carbon Black. Their growing activity suggests that Shade operators are able to make good money in the name of ransomware removal.
Protection Against Shade Ransomware
It has been established that Shade operators are primarily focusing on commercial entities for better ransomware removal extortion prospects. To protect their digital infrastructure from Shade or any other ransomware strain, organizations must regularly update their endpoint software applications, which can prevent malicious files from infiltrating in the first place. Backing up critical data can also mitigate the effects of any ransomware attack.