What is the OnePercent Group?
The OnePercent Group is a ransomware gang that has been targeting companies since November of 2020. The gang sends out emails in an attempt to convince users to download an infected Word document in a ZIP file. These types of social engineering tactics are surprisingly effective, as people often impulsively download files sent to them via email without thinking to check the sender or the source.
How Does the Threat Work?
Instead of encrypting data found on the infected device, this threat uses macros embedded in the Word document to install a Trojan horse threat on the user’s device. This threat, known as IcedID, is used to steal financial information or login credentials for banking institutions. Furthermore, IcedID can download other types of malware onto the user’s device.
Of particular note is that it can install another type of threat called Cobalt Strike, which is a penetration testing tool. Why would a hacker want this, you ask? It’s simple; it can be used to make a hacking attack that much easier and more efficient by identifying potential pathways for threats on the user’s device.
What’s the Timeline for the Attack?
Using the threats outlined above, OnePercent Group can get a lot of dirt on your business in a relatively short amount of time. After they have collected this information, they issue a ransom note demanding that the victim pay up within a week or risk their data being released online. If the victim refuses to pay up, the group pesters the victims through email and phone calls to pressure them into taking action. If the victim still refuses to pay, they release 1% of the data on the Dark Web. Further resistance leads to the group selling the data to other data brokers on the Dark Web to be sold to the highest bidder.
It just goes to show that as soon as you think you know a threat, they switch things up and try something new. While it can be stressful keeping up with the countless threats found in the online world, it sure is never boring.
Secure Your Business Today
Don’t let the fear of ransomware keep your business from functioning the way it’s supposed to. Aspire can help your organization secure its infrastructure and other critical data. To learn more, reach out to us at (469) 7-ASPIRE.