The ransomware gang known as HellCat has been drawing attention for its aggressive and innovative tactics to pressure victims into paying ransoms. Instead of simply encrypting data and demanding payments, the group aims to publicly humiliate the companies and institutions it attacks, making the extortion even more severe. This attack method represents a new phase in the cybercrime landscape, where psychological impact and media exposure become additional weapons for criminals.

Since emerging in 2024, HellCat has primarily targeted critical sectors such as energy, education, and even government entities. One of the most concerning aspects of this group is its desire for notoriety, using media coverage as a tool to amplify the effects of its attacks. Recently, the gang demanded a symbolic ransom of $125,000 in "baguettes" from Schneider Electric, a move intended to publicly ridicule the company and reinforce its strategy of humiliation.

Beyond financial extortion, HellCat also employs tactics that increase the exposure of stolen data. On dark web forums, the criminals have been offering root access—the highest level of system control—to servers of compromised companies. This means that, in addition to data encryption, third parties can exploit these systems, further escalating the risks for victims.

The group uses a strategy known as "double extortion," where data is exfiltrated before encryption, allowing the criminals to threaten to leak the stolen information if the ransom is not paid. HellCat also exploits vulnerabilities in widely used corporate software, such as Jira, to gain initial access to company networks. Cybersecurity experts have identified similarities between HellCat and another gang called Morpheus, raising suspicions that the two groups may share infrastructure.

The increasing scale of these attacks, including a recent incident involving Telefónica, highlights the urgent need for stronger security measures. Companies and institutions must adopt advanced strategies to protect their systems, investing in continuous monitoring, regular updates, and rigorous security practices to combat increasingly sophisticated threats.

Source: https://www.cisoadvisor.com.br/ransomware-exige-resgate-de-us-125-mil-em-baguetes/