Ransomware victims are being targeted by scammers looking to trick them out of even more of their hardearned money, new research has claimed.
A report from Arctic Wolf, which observed at least two such incidents where a person claiming to be an ethical hacker reached out to ransomware victims and offered to break into the ransomware operators’ infrastructure and permanently delete the stolen databases.
In one such instance, the hacker asked for roughly $190,000 in cryptocurrency (up to five bitcoin). Even though the victims were approached by people with different aliases, the researchers believe it’s actually the same individual in both attempts.
Too many coincidences
In one case, the company fell prey to Royal ransomware, while in the other, Akira. In the first instance, the fraudster presented themselves as “Ethical Side Group”, and offered to return the data from the “TommyLeaks” gang, instead of the actual hackers Royal. What’s more, the fraudster didn’t seem to know that the negotiations between the victim and Royal were concluded back in 2022.
In the second incident, a fraudster with an alias “xanonymoux” reached out to a victim firm, offering to delete the data from Akira’s servers when, in reality, Akira never stole the data just encrypted it on the victim’s endpoints.
Finally, Arctic Wolf saw that during the initial communication, in both instances, ten common phrases were used. Both scammers used the same method to prove they had access to the stolen data. All of this led them to believe that this was, in fact, the same individual.
Usually, when a ransomware operator targets a network, they not only encrypt the data, but also steal it and threaten to release it to the dark web, unless a payment is made. In fact, the data theft part is arguably more disruptive than the encryption part, as businesses have become better at restoring their systems from backups. A data leak, however, can cause irreparable damage.