Ransom Attackers Impersonate Security Researchers

Uploaded on 2024-01-24 in TECHNOLOGY--Hackers, FREE TO VIEW

Ransom attackers have a new exploit - they pretend to be legitimate security researchers who promise to hack into the infrastructure of original ransomware gang to delete an organisation’s stolen data for a fee. 

 Arctic Wolf Labs has reported that victim organisations were contacted by the perpetrators after suffering security breaches in the firs reported  instance of malicious actors impersonating researchers, when they were likely the original hacker.

Arctic Wolf is aware of several instances of ransomware cases where the victim organisations were contacted after the original compromise for additional extortion attempts. “In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organisations, offering to hack into the server infrastructure of the original ransomware groups involved to delete exfiltrated data,” says the Arctic Wolf security bulletin. 

Ransomware is a type of malware which prevents you from accessing your devices and the data stored on it, usually by encrypting your files and then a cyber criminal will demand a ransom in exchange for decryption. The hackers may also threaten to leak the data they have stolen. The instructions for payment are displayed and are demanded in bitcoins. After the payment is made, decryption key is sent to the victim.

The first case was first identified in October 2023 and targeted victims of Royal ransomware attackers, who were contacted by an entity called the Ethical Side Group (ESG) claiming that they had gained access to the victim’s stolen data. 

The ESG offered to hack Royal ransomware and delete the previously stolen data for a fee, despite claims that Royal ransomware had previously deleted the data.

The second known instance was  similar, in which a separate entity called 'xanonymoux' contacted a victim of the Akira ransomware encryption attack, claiming they had access to a separate server that hosted the victim’s exfiltrated data and could delete the victim’s data or give the victim access to their server. This was despite the fact that Akira claimed to have only encrypted systems and did not claim to have exfiltrated the victim’s data.

These two cases share similarities, including communication via the Tox messaging platform, posing as a security researcher, claiming access to server infrastructure, offering to prove access to stolen data, specifying the amount of stolen data, and demanding a fee of five Bitcoins ($200,000).

Arctic Wolf's Report highlights the serious risks of relying on criminal extortion enterprises to delete exfiltrated data, even after the payment has been made. 

It is still not known whether the exploit was conducted by the original ransomware groups.

Arctic Wolf:    Arctic Wolf:     Cybernews:     I-HLS:    HelpNetSecurity:      BankInfoSecrutity:     NCA

CyberSecurityNews:     Sanjay Fuloria:      DataBreaches:

Image:  Sammy Sander

You Might Also Read: 

Winning The Battle Against Ransomware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Cyber Incidents Are The Biggest Risk To Business
Anonymous Sudan Attack London Internet Facility »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

National Cyber Security Directorate (DNSC) - Romania

National Cyber Security Directorate (DNSC) - Romania

DNSC (formerly CERT-RO) is the Romanian national cyber security and incident response team.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

Synack

Synack

Synack provides a hacker-powered intelligence platform that uncovers security vulnerabilities that often remain undetected by traditional pen testers and scanners.

Haechi Audit

Haechi Audit

Haechi Audit is a leading smart contract security audit firm. We provide the most secure smart contract security audit and smart contract development services to our global clients.

Venrock

Venrock

Venrock helps entrepreneurs build some of the world's most disruptive, successful companies. We invest in technology: Security, Cloud Services, Big Data, Healthcare IT, AdTech.

Citalid

Citalid

The Citalid cyber risk management platform combines threat and business intelligence to identify the risks scenarios you face.

SecureThings

SecureThings

SecureThings focus is to provide guidance and technology to secure connected vehicles in order to build end-to-end security for the automotive industry.

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

GoTo

GoTo

At GoTo we help people and businesses to connect and collaborate simply and securely – from anywhere. We’re the trusted partner for companies of all sizes.

Rootly

Rootly

Rootly is an incident management platform on Slack that helps automate manual admin work during incidents.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

Infima Cybersecurity

Infima Cybersecurity

INFIMA tackle the hard parts of managing your Security Awareness Training program so you can focus elsewhere.

Acumen

Acumen

Acumen's cyber security engineers protect your critical systems, in critical moments. We are here when you need us most.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.

Reasonable Risk

Reasonable Risk

Reasonable Risk is the only SaaS GRC platform with Duty of Care Risk Analysis (DoCRA) built in, providing a sensible and defensible cybersecurity position for an organization.