A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoin to deploy Black Kingdom ransomware on their companies’ networks as part of an insider threat scheme.
“The sender tells the employee that if they’re able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom,” Abnormal Security said in a report published Thursday. “The employee is told they can launch the ransomware physically or remotely. The sender provided two methods to contact them if the employee is interested—an Outlook email account and a Telegram username.”
Black Kingdom, also known as DemonWare and DEMON, attracted attention earlier this March when threat actors were found exploiting ProxyLogon flaws impacting Microsoft Exchange Servers to infect unpatched systems with the ransomware strain.
Abnormal Security, which detected and blocked the phishing emails on August 12, responded to the solicitation attempt by creating a fictitious persona and reaching out to the actor on Telegram messenger, only to have the individual inadvertently spill the attack’s modus…