Ransomware victims are being targeted by scammers looking to trick them out of even more of their hard-earned money, new research claims.
The report, from Arctic Wolf, noted at least two such incidents in which a person claiming to be an ethical hacker approached ransomware victims and offered to break into the ransomware operators' infrastructure and permanently delete the stolen databases.
In one such case, the hacker asked for approximately $190,000 in cryptocurrency (up to five bitcoins). Although the victims were approached by people with different aliases, investigators believe it was actually the same individual in both attempts.
Too many coincidences
In one case, the company was a victim of Royal ransomware, while in the other, the victim had been hit by Akira. In the first case, the scammers introduced themselves as “Ethical Side Group” and offered to return the data, attributing it to the “TommyLeaks” gang instead of the actual attackers, Royal. What's more, the scammer did not seem to know that the negotiations between the victim and Royal had concluded back in 2022.
In the second incident, a scammer using the alias “xanonymoux” approached a victim company and offered to delete data from Akira's servers when, in reality, Akira never stole the data, only encrypted it on the victim company's endpoints.
Finally, Arctic Wolf found that ten common phrases were used in the initial communication in both cases. Both scammers also used the same method to prove they had access to the stolen data. All this led the researchers to believe that it was, in fact, the same individual.
Typically, when a ransomware operator attacks a network, they not only encrypt the data, but also steal it and threaten to release it on the dark web unless a payment is made. In fact, the data theft part is arguably more damaging than the encryption part, as companies have gotten better at restoring their systems from backups. However, a data leak can cause irreparable damage.