'Robin Hood of ransomware' wreaks revenge on shady businesses
A hacking group has begun targeting companies carrying out “loan scams”
A group of hackers is fighting back against online scammers by targeting “scam” companies with ransomware and denial of service attacks.
A new ransomware called MilkmanVictory was recently discovered online and the hackers behind it, who call themselves CyberWare, revealed in a post on Twitter that they created it specifically to send to scammers.
BleepingComputer also spoke to the group who said they have begun targeting companies performing what they refer to as “loan scams”. In these scams, victims are told that they will receive a loan after making a payment to a company but in reality there is no loan and no way for them to get their money back.
- Lock My PC fights tech support scammers with free recovery keys
- Hackers turn supercomputers into cryptocurrency mining rigs
- We've also highlighted the best ransomware protection
This isn't the first time we've seen hackers targeting other hackers as back in March of this year, Cybereason discovered that hackers were modifying existing hacking tools by injecting a powerful remote-access Trojan into them.
Targeting scammers
As part of its new campaign against scammers, CyberWare is sending phishing emails containing links to executables disguised as PDF files. The group is also conducting denial of service attacks to bring down scam company's websites.
The MilkmanVictory ransomware is being distributed as a destructive wiper attack as it does not provide victims with a way to contact the attackers and does not save the encryption key. Instead victims receive a ransom note on their computers which reads: “Hello!, This computer has been destroyed with the MilkmanVictory Ransomware because we know you are a scammer! - CyberWare Hackers :-)”.
Apparently the new ransomware is based on HiddenTear and because of this, if a key is not saved, it can still be decrypted using brute force attacks.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
CyberWare claims to have targeted the German Lajunen Loan company with a DDoS attack and emails spreading its ransomware. At the time of writing, the company's website is still down which gives credence to the group's claims.
- Also check out our roundup of the best endpoint protection software
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.