Suspect arrested in ‘ransom your employer’ criminal scheme | ZDNet

A Nigerian man has been arrested in connection to a scheme attempting to lure insiders to deploy ransomware on employer systems.

On November 22, security expert Brian Krebs reported that the man, Oluwaseun Medayedupin, was arrested by Nigerian authorities on Friday. 

The suspect is allegedly linked to a ‘ransom your employer’ scheme investigated by Abnormal Security in August. 

Customers of the cybersecurity firm were sent emails with the subject “Partnership affiliate offer,” requesting that the recipient considered becoming an accomplice in a cyberattack. 

The emails offered a 40% cut of an anticipated $2.5 million ransomware payment in Bitcoin (BTC), made after the recipients installed the DemonWare ransomware on their employer’s systems. 

A Microsoft Outlook email address and Telegram handle were provided for interested parties. Abnormal Security researchers reached out under the guise of a fictional person and confirmed they were sent a ransomware executable hosted on two file-sharing websites.

However, the ransomware ‘cut’ on offer was reduced to between $120,000 — $250,000 once the team began communicating with the scheme’s operator.   

The team suspected the ransomware initiative may be of Nigerian origin. When queried, the threat actor said he was attempting to build a social network for Africa called Sociogram and shared his LinkedIn profile containing his full name.  

“According to the actor, he collects his targeting information from LinkedIn, which, in addition to other commercial services that sell access to similar data, is a common method scammers use to obtain contact information for employees,” Abnormal Security said. “[…] he had originally intended to send his targets — all senior-level executives — phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext.”

Medayedupin then reached out to Krebs following his report, asking that the name Sociogram be removed, but at the same time, neither confirming nor denying Abnormal Security’s investigation. Another message followed via a domain registrar, calling “Mr. Krebson” a “clout chasing monger.”

Charges are expected to be brought against Medayedupin, reportedly 23 years of age, this week. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.