Ransom Attackers Impersonate Security Researchers

Uploaded on 2024-01-24 in TECHNOLOGY--Hackers, FREE TO VIEW

Ransom attackers have a new exploit - they pretend to be legitimate security researchers who promise to hack into the infrastructure of original ransomware gang to delete an organisation’s stolen data for a fee. 

 Arctic Wolf Labs has reported that victim organisations were contacted by the perpetrators after suffering security breaches in the firs reported  instance of malicious actors impersonating researchers, when they were likely the original hacker.

Arctic Wolf is aware of several instances of ransomware cases where the victim organisations were contacted after the original compromise for additional extortion attempts. “In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organisations, offering to hack into the server infrastructure of the original ransomware groups involved to delete exfiltrated data,” says the Arctic Wolf security bulletin. 

Ransomware is a type of malware which prevents you from accessing your devices and the data stored on it, usually by encrypting your files and then a cyber criminal will demand a ransom in exchange for decryption. The hackers may also threaten to leak the data they have stolen. The instructions for payment are displayed and are demanded in bitcoins. After the payment is made, decryption key is sent to the victim.

The first case was first identified in October 2023 and targeted victims of Royal ransomware attackers, who were contacted by an entity called the Ethical Side Group (ESG) claiming that they had gained access to the victim’s stolen data. 

The ESG offered to hack Royal ransomware and delete the previously stolen data for a fee, despite claims that Royal ransomware had previously deleted the data.

The second known instance was  similar, in which a separate entity called 'xanonymoux' contacted a victim of the Akira ransomware encryption attack, claiming they had access to a separate server that hosted the victim’s exfiltrated data and could delete the victim’s data or give the victim access to their server. This was despite the fact that Akira claimed to have only encrypted systems and did not claim to have exfiltrated the victim’s data.

These two cases share similarities, including communication via the Tox messaging platform, posing as a security researcher, claiming access to server infrastructure, offering to prove access to stolen data, specifying the amount of stolen data, and demanding a fee of five Bitcoins ($200,000).

Arctic Wolf's Report highlights the serious risks of relying on criminal extortion enterprises to delete exfiltrated data, even after the payment has been made. 

It is still not known whether the exploit was conducted by the original ransomware groups.

Arctic Wolf:    Arctic Wolf:     Cybernews:     I-HLS:    HelpNetSecurity:      BankInfoSecrutity:     NCA

CyberSecurityNews:     Sanjay Fuloria:      DataBreaches:

Image:  Sammy Sander

You Might Also Read: 

Winning The Battle Against Ransomware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Cyber Incidents Are The Biggest Risk To Business
Anonymous Sudan Attack London Internet Facility »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

General Dynamics Information Technology (GDIT)

General Dynamics Information Technology (GDIT)

General Dynamics IT delivers cyber security services to defend critical information and infrastructure.

CERT-AM

CERT-AM

CERT-AM is the national Computer Emergency Response Team for Armenia.

aeCERT

aeCERT

aeCERT is the national Computer Emergency Response Team for the United Arab Emirates.

Cyber Security Research Centre - University of Cardiff

Cyber Security Research Centre - University of Cardiff

Cardiff University's Centre for Cyber Security Research is a leading UK academic research unit for cyber security analytics.

Ivanti

Ivanti

Ivanti provide user-centered IT solutions designed to increase user productivity while reducing IT security risk.

SCIPP International

SCIPP International

SCIPP’s courses are based on internationally recognized best business practices for security awareness, for both technical and non-technical staff and to comply with regulatory mandates.

Somansa

Somansa

Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

CYSEC NG

CYSEC NG

Cyber Security Challenge Nigeria Initiative (CYSEC NG) is the first, and largest offensive premier Cyber Conference and Hacking event in Africa.

PBOSecure

PBOSecure

PBOSecure is a dynamic and progressive IT consultancy company specializing in IT and Industrial Control System (ICS) security.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

Portshift

Portshift

Portshift leverages the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications security.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

Buchanan & Edwards

Buchanan & Edwards

Buchanan & Edwards delivers forward-focused technology solutions that help our clients transform the way they perform their missions.

Training.com.au

Training.com.au

Training.com.au is a comparison website through which those looking to learn about different aspects of cyber security can compare learning courses from training providers from across Australia.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.