The Good Guys Win One
It really was a Nigerian prince (or at least a CEO)
This past summer, warnings went out that scammers were contacting people and asking them to unleash ransomware inside their employer’s network. The deal was for a percentage of any ransom paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme.
The brazen approach targeted disgruntled employees and was first spotted by analysts at the threat intelligence firm Abnormal Security. After receiving the email below, they created a fake persona and responded to the proposal.
Abnormal Security documented how it tied the email back to a Nigerian man who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram. (In June 2021, the Nigerian government officially banned Twitter use in the country, restricting it from operating in Nigeria after the social media platform deleted tweets by the Nigerian president.)
On November 19th, Nigerian police arrested Oluwaseun Medayedupin. Investigators say that formal charges will be filed against the defendant sometime this week.
It gets better…
KrebsOnSecurity spoke with a fraud investigator who is performing the forensic analysis of the devices seized from Medayedupin’s home. The investigator spoke on condition of anonymity out of concern for his physical safety.
The investigator’s team confirmed that Medayedupin had around USD $2,000 to his name, which he’d recently stolen from a group of Nigerian fraudsters who were scamming people for gift cards. Apparently, he admitted to creating a phishing website that tricked a member of this group into providing access to the money they’d made from their scams.
Medayedupin reportedly told investigators that for almost a week after he started emailing his ransom-your-employer scheme, nobody took him up on the offer. But after his name appeared in the news media, he received thousands of inquiries from people interested in his idea.
Internal threats are often overlooked. When a breach starts internally, normal security measures such as firewalls and passwords can be bypassed. Contact us today to discuss the potential of internal threats and how best to defend against them.