Ransom Attackers Impersonate Security Researchers

Uploaded on 2024-01-24 in TECHNOLOGY--Hackers, FREE TO VIEW

Ransom attackers have a new exploit - they pretend to be legitimate security researchers who promise to hack into the infrastructure of original ransomware gang to delete an organisation’s stolen data for a fee. 

 Arctic Wolf Labs has reported that victim organisations were contacted by the perpetrators after suffering security breaches in the firs reported  instance of malicious actors impersonating researchers, when they were likely the original hacker.

Arctic Wolf is aware of several instances of ransomware cases where the victim organisations were contacted after the original compromise for additional extortion attempts. “In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organisations, offering to hack into the server infrastructure of the original ransomware groups involved to delete exfiltrated data,” says the Arctic Wolf security bulletin. 

Ransomware is a type of malware which prevents you from accessing your devices and the data stored on it, usually by encrypting your files and then a cyber criminal will demand a ransom in exchange for decryption. The hackers may also threaten to leak the data they have stolen. The instructions for payment are displayed and are demanded in bitcoins. After the payment is made, decryption key is sent to the victim.

The first case was first identified in October 2023 and targeted victims of Royal ransomware attackers, who were contacted by an entity called the Ethical Side Group (ESG) claiming that they had gained access to the victim’s stolen data. 

The ESG offered to hack Royal ransomware and delete the previously stolen data for a fee, despite claims that Royal ransomware had previously deleted the data.

The second known instance was  similar, in which a separate entity called 'xanonymoux' contacted a victim of the Akira ransomware encryption attack, claiming they had access to a separate server that hosted the victim’s exfiltrated data and could delete the victim’s data or give the victim access to their server. This was despite the fact that Akira claimed to have only encrypted systems and did not claim to have exfiltrated the victim’s data.

These two cases share similarities, including communication via the Tox messaging platform, posing as a security researcher, claiming access to server infrastructure, offering to prove access to stolen data, specifying the amount of stolen data, and demanding a fee of five Bitcoins ($200,000).

Arctic Wolf's Report highlights the serious risks of relying on criminal extortion enterprises to delete exfiltrated data, even after the payment has been made. 

It is still not known whether the exploit was conducted by the original ransomware groups.

Arctic Wolf:    Arctic Wolf:     Cybernews:     I-HLS:    HelpNetSecurity:      BankInfoSecrutity:     NCA

CyberSecurityNews:     Sanjay Fuloria:      DataBreaches:

Image:  Sammy Sander

You Might Also Read: 

Winning The Battle Against Ransomware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Cyber Incidents Are The Biggest Risk To Business
Anonymous Sudan Attack London Internet Facility »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

Malware Patrol

Malware Patrol

Malware Patrol provides intelligent threat data that protects against cyber attacks.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

IFE Digital Systems

IFE Digital Systems

IFE Digital Systems conducts research, development and consultancy in risk, safety and security related to digital systems in critical infrastructure.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

TM One

TM One

TM One is the enterprise and public sector business solutions arm of Telekom Malaysia Berhad (TM) Group.

CyberCyte

CyberCyte

CyberCyte provides a disruptive built-in integrated physical, network and perimeter security solution framework.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

Thoropass

Thoropass

Thoropass (formerly Laika) helps you get and stay compliant with smart software and expert services.

Kahootz

Kahootz

Kahootz is a highly secure cloud collaboration platform helping teams to work together across organisations.