Ransom Attackers Impersonate Security Researchers

Uploaded on 2024-01-24 in TECHNOLOGY--Hackers, FREE TO VIEW

Ransom attackers have a new exploit - they pretend to be legitimate security researchers who promise to hack into the infrastructure of original ransomware gang to delete an organisation’s stolen data for a fee. 

 Arctic Wolf Labs has reported that victim organisations were contacted by the perpetrators after suffering security breaches in the firs reported  instance of malicious actors impersonating researchers, when they were likely the original hacker.

Arctic Wolf is aware of several instances of ransomware cases where the victim organisations were contacted after the original compromise for additional extortion attempts. “In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organisations, offering to hack into the server infrastructure of the original ransomware groups involved to delete exfiltrated data,” says the Arctic Wolf security bulletin. 

Ransomware is a type of malware which prevents you from accessing your devices and the data stored on it, usually by encrypting your files and then a cyber criminal will demand a ransom in exchange for decryption. The hackers may also threaten to leak the data they have stolen. The instructions for payment are displayed and are demanded in bitcoins. After the payment is made, decryption key is sent to the victim.

The first case was first identified in October 2023 and targeted victims of Royal ransomware attackers, who were contacted by an entity called the Ethical Side Group (ESG) claiming that they had gained access to the victim’s stolen data. 

The ESG offered to hack Royal ransomware and delete the previously stolen data for a fee, despite claims that Royal ransomware had previously deleted the data.

The second known instance was  similar, in which a separate entity called 'xanonymoux' contacted a victim of the Akira ransomware encryption attack, claiming they had access to a separate server that hosted the victim’s exfiltrated data and could delete the victim’s data or give the victim access to their server. This was despite the fact that Akira claimed to have only encrypted systems and did not claim to have exfiltrated the victim’s data.

These two cases share similarities, including communication via the Tox messaging platform, posing as a security researcher, claiming access to server infrastructure, offering to prove access to stolen data, specifying the amount of stolen data, and demanding a fee of five Bitcoins ($200,000).

Arctic Wolf's Report highlights the serious risks of relying on criminal extortion enterprises to delete exfiltrated data, even after the payment has been made. 

It is still not known whether the exploit was conducted by the original ransomware groups.

Arctic Wolf:    Arctic Wolf:     Cybernews:     I-HLS:    HelpNetSecurity:      BankInfoSecrutity:     NCA

CyberSecurityNews:     Sanjay Fuloria:      DataBreaches:

Image:  Sammy Sander

You Might Also Read: 

Winning The Battle Against Ransomware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Cyber Incidents Are The Biggest Risk To Business
Anonymous Sudan Attack London Internet Facility »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

Tevora

Tevora

Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

HB-Technologies

HB-Technologies

HB-Technologies is pioneer in Africa, in digital security, embedded electronic and IT solutions based on highly secure smart cards that comply with international standards and norms.

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

SecureAge Technology

SecureAge Technology

We’re a rapidly growing cybersecurity company with an 18-year history of ZERO Data breaches. Our security solutions place security and usability on equal footing. Learn more about our technology.

Kirk ISS

Kirk ISS

Kirk ISS are the leading provider of IT services in the Cayman Islands. We offer best-in class hardware, software, communications and cloud computing, all backed by professional services support.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

CyberForce Global

CyberForce Global

CyberForce Global are at the forefront of start-up technology recruitment in areas including cybersecurity, IT infrastructure, software, fintech, blockchain and more.