Dresner Group Blog

Our technology blogs feature IT tips and best practices for businesses in Columbia, Baltimore, Bel Air and in and about Maryland since 2002.

The OnePercent Group: A Slightly Different Approach to Ransomware

The OnePercent Group: A Slightly Different Approach to Ransomware

A recent trend even amongst ransomware threats is that the FBI is issuing warnings regarding how dangerous it is or how difficult certain variants are. This particular threat—the OnePercent ransomware gang—is no exception. Let’s break down what you need to know about the OnePercent Group and how you can prepare to handle attacks not just from this threat, but most ransomware threats.

What is the OnePercent Group?

The OnePercent Group is a ransomware gang that has been targeting companies since November of 2020. The gang sends out emails in an attempt to convince users to download an infected Word document in a ZIP file. These types of social engineering tactics are surprisingly effective, as people often impulsively download files sent to them via email without thinking to check the sender or the source.

How Does the Threat Work?

Instead of encrypting data found on the infected device, this threat uses macros embedded in the Word document to install a Trojan horse threat on the user’s device. This threat, known as IcedID, is used to steal financial information or login credentials for banking institutions. Furthermore, IcedID can download other types of malware onto the user’s device.

Of particular note is that it can install another type of threat called Cobalt Strike, which is a penetration testing tool. Why would a hacker want this, you ask? It’s simple; it can be used to make a hacking attack that much easier and more efficient by identifying potential pathways for threats on the user’s device.

What’s the Timeline for the Attack?

Using the threats outlined above, OnePercent Group can get a lot of dirt on your business in a relatively short amount of time. After they have collected this information, they issue a ransom note demanding that the victim pay up within a week or risk their data being released online. If the victim refuses to pay up, the group pesters the victims through email and phone calls to pressure them into taking action. If the victim still refuses to pay, they release 1% of the data on the Dark Web. Further resistance leads to the group selling the data to other data brokers on the Dark Web to be sold to the highest bidder.

It just goes to show that as soon as you think you know a threat, they switch things up and try something new. While it can be stressful keeping up with the countless threats found in the online world, it sure is never boring.

Secure Your Business Today

Don’t let the fear of ransomware keep your business from functioning the way it’s supposed to. Dresner Group can help your organization secure its infrastructure and other critical data. To learn more, reach out to us at (410) 531-6727.

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

What a Recent Study Says About In-House vs Cloud I...
Stop Wasteful or Dangerous Internet Behavior with ...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 03 February 2023

Captcha Image

Client Service Login

Latest News & Events

This tournament is scheduled to be held Friday, June 10, 2022. The past six years have all been sold-out and this year is shaping up to be another one for the books you won't want to miss. 

Contact Us

Learn more about what Dresner Group can do for your business.

  • (410) 531-6727
  • 8600 Foundry Street, Suite 302
    Savage, Maryland 20763

Copyright Dresner Group. All Rights Reserved.