Imagine for one moment that you are a cybercriminal.
You have compromised an organisation’s network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation.
However, there’s a problem. Your target is stalling for time. Who can you, as the perpetrator of the crime rather than the innocent victim, turn to for advice?
Well, if you are an affiliate of the Qilin ransomware group, you can simply hit the “Call Lawyer” button.
Because, as researchers at Cybereason have revealed, Qilin has introduced a number of new features for its partners-in-crime.
And these include a legal assistance option.
In a posting on a Russian darknet forum, Qilin is described as having added legal support services to its portfolio in an apparent effort to woo affiliates and project a veneer of professionalism.
From their dashboard, Qilin affiliates can contact the group’s on-call legal eagles to provide guidance that may assist with the extraction of a ransom from the extorted company.
A translation of the posting reads:
The mere presence of a lawyer in the chat exerts indirect pressure on the company and the ransom amount, due to the company’s reluctance to engage in legal proceedings (and associated costs).
The post continues to describe the advantages of working with Qilin’s “legal department”:
- Providing a legal assessment of your data;
- Classifying violations in accordance with the legal and regulatory frameworks of the applicable jurisdiction;
- Legal evaluation of potential damages (including lawsuits, costs, and reputational risks);
- The ability for the company to negotiate directly with a lawyer;
- Consultation on how to inflict maximum economic damage on the company in the event it refuses to meet the stated demands (to prevent such situations in the future).
In a nutshell, Qilin believes that its affiliates will be more successful in extracting a ransom (and therefore in generating more illicit revenue for Qilin itself as well) by communicating more persuasively and professionally.
In the past, ransomware gangs have filed SEC complaints in order to pressure corporate victims who have refused to negotiate, and Qilin’s offer to affiliates of legal counsel feels like the latest evolution of such tactics.
Qilin also claims to have an in-house team of journalists who can help affiliates write text for blog posts, and assist those less versed in composing threatening messages on how to apply pressure during ransom negotiations.
Developments in the world of ransomware like this signal just how far criminal gangs have come in presenting themselves almost as though they were legitimate service providers.
Make no mistake, though. Their goal is just to attract more affiliates, increase the success rate of ransomware attacks, and try to convince victims that they are dealing with sophisticated criminals.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.