Fake "hack-back" offers are putting ransomware victims at further risk
Fraudsters are now going after ransomware victims
Ransomware victims are being targeted by scammers looking to trick them out of even more of their hard-earned money, new research has claimed.
A report from Arctic Wolf, which observed at least two such incidents where a person claiming to be an ethical hacker reached out to ransomware victims and offered to break into the ransomware operators’ infrastructure and permanently delete the stolen databases.
In one such instance, the hacker asked for roughly $190,000 in cryptocurrency (up to five bitcoin). Even though the victims were approached by people with different aliases, the researchers believe it’s actually the same individual in both attempts.
Too many coincidences
In one case, the company fell prey to Royal ransomware, while in the other, Akira. In the first instance, the fraudster presented themselves as “Ethical Side Group”, and offered to return the data from the “TommyLeaks” gang, instead of the actual hackers - Royal. What’s more, the fraudster didn’t seem to know that the negotiations between the victim and Royal were concluded back in 2022.
In the second incident, a fraudster with an alias “xanonymoux” reached out to a victim firm, offering to delete the data from Akira’s servers when, in reality, Akira never stole the data - just encrypted it on the victim’s endpoints.
Finally, Arctic Wolf saw that during the initial communication, in both instances, ten common phrases were used. Both scammers used the same method to prove they had access to the stolen data. All of this led them to believe that this was, in fact, the same individual.
Usually, when a ransomware operator targets a network, they not only encrypt the data, but also steal it and threaten to release it to the dark web, unless a payment is made. In fact, the data theft part is arguably more disruptive than the encryption part, as businesses have become better at restoring their systems from backups. A data leak, however, can cause irreparable damage.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro
- There's now a Linux version of this dangerous VMware ransomware
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.