Scammers are sending fake extortion and ransom demands while posing as ransomware gangs, including the notorious Cl0p ransomware. Learn how to spot these scams and protect your business from fraudulent attacks.
Recent investigations by Barracuda Networks reveal a new trend in cybercriminal activity: the impersonation of notorious ransomware groups to defraud businesses. Researchers have documented incidents in which individuals falsely claim affiliation with the Clop ransomware gang, capitalizing on the fear and notoriety associated with well-known cybercriminal organizations to extort payments from unsuspecting companies.
The latest research aligns with other recent findings that scammers have been spotted mailing fake ransomware letters to businesses’ physical addresses while posing as BianLian ransomware. These scammers have been targeting businesses in the United States by sending ransomware letters through the US Postal Service.
As for the latest campaign, Barracuda Networks’ report reveals that scammers have been crafting extortion emails that mimic the language and claims of genuine ransomware attacks.
These emails often assert that the perpetrators have successfully infiltrated the target company’s network and exfiltrated sensitive data. To lend credibility to their claims, they reference publicly available information about actual attacks conducted by the group they are impersonating.
For example, they might cite news reports detailing a specific vulnerability exploited by the Clop gang, thereby creating a facade of authenticity. In one email that Barracuda Networks shared, the scammers cite Cl0p ransomware’s exploitation of a vulnerability in Cleo, which Hackread.com reported in December 2024.
It is also worth noting that phishing kits like FishXProxy and Telekopye allow even inexperienced scammers to create realistic phishing pages that mimic legitimate login portals. These platforms have the ability to dynamically adapt to user input and integrate with various communication channels, making them particularly effective at evading detection.
In addition to sophisticated phishing platforms, cybercriminals are also exploiting the vulnerabilities of file formats such as Scalable Vector Graphics (SVG). These files, which can contain embedded scripts, are increasingly being used to deliver malicious payloads. Because these scripts are often overlooked by security tools, they provide a means for attackers to bypass traditional defences and compromise systems.
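A defender-side check for the SVG risk described above, as an added example that is not from Barracuda's report or the original article: it parses an SVG attachment and lists script elements, event-handler attributes and script URIs. The function names, rule set and sample documents are constructed for illustration, and the rules are a starting heuristic rather than a complete filter.

```python
import xml.etree.ElementTree as ET

# URI schemes that execute or embed active content when used in href (assumed rule set).
SCRIPT_URI_PREFIXES = ("javascript:", "data:text/html")

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data):
    """Return a list of findings describing active content in an SVG document."""
    # Refuse documents that declare entities instead of expanding them.
    if b"<!ENTITY" in data:
        return ["entity declaration (refusing to parse)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.append("script element")
        elif tag == "foreignobject":
            findings.append("foreignObject element (can embed HTML)")
        for name, value in el.attrib.items():
            attr = local(name)
            # Whitespace inside the scheme is ignored by browsers, so remove it first.
            target = "".join(value.split()).lower()
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr == "href" and target.startswith(SCRIPT_URI_PREFIXES):
                findings.append(f"script URI in href on <{tag}>")
    return findings

# Constructed samples: a plain drawing and one carrying harmless placeholder scripts.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="placeholder()">'
          b'<script>/* placeholder */</script>'
          b'<a href="javascript:void(0)"><circle r="4"/></a></svg>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("active", ACTIVE)):
        print(label, scan_svg(doc) or "no active content found")
```

A non-empty result is a reason to quarantine the attachment or strip the flagged nodes before the file reaches a browser or mail client.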