CyberSecurityBoard
Sponsor Register Login

Hackers Impersonate as Security Researcher Aid Ransom Victims

Hackers impersonate security researchers to exploit trust and credibility.
Cybersecurity researchers at Arctic Wolf Labs recently discovered that hackers are actively impersonating security researchers to aid ransomware victims.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
Arctic Wolf Labs researchers found ransomware victims getting extorted again, with fake 'helpers' promising to delete stolen data.
They posed as security researchers in two cases, offering to hack the original ransomware group's servers.
This is the first known case of a threat actor pretending to be a legitimate researcher and offering to delete hacked data from another ransomware group.
Despite different personalities, the security analysts believe it's likely the same actor behind both extortion attempts.
Despite appearing distinct, both cases share key elements.
Analyzing their communication styles revealed clear similarities.
Case 1 - Royal Ransomware Compromise and Ethical Side Group Data Deletion Extortion: In this case, the Ethical Side Group told a Royal ransomware victim in October 2023 via email that they had victim data taken by Royal.
In 2022, Royal said they deleted it, but ESG falsely blamed TommyLeaks.
ESG offered to hack and delete the data from Royal's server for a fee.
Decrypting the complicated world of ransomware, RaaS affiliates juggle multiple encryption payloads.
Uncertainty persists about group sanctioning in follow-on extortion.
Beware of relying on criminal enterprises to delete data post-payment.
After analyzing the similarities found in the documented cases, Researchers reasonably conclude that a single threat actor has been targeting organizations previously affected by Royal and Akira ransomware attacks.
This conclusion is made with a moderate level of confidence.
It remains uncertain if the original ransomware groups authorized the subsequent instances of extortion or if the threat actor operated independently to obtain more funds from the targeted organizations.


This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 12 Jan 2024 04:10:13 +0000


Cyber News related to Hackers Impersonate as Security Researcher Aid Ransom Victims

FTC bans Rite Aid from using facial recognition surveillance for five years - Pharmacy chain Rite Aid is getting a timeout from AI facial recognition surveillance tech thanks to federal regulators. The U.S. Federal Trade Commission today announced a settlement with Rite Aid stating the chain recklessly deployed AI biometric ...
6 months ago Venturebeat.com
FTC's Rite Aid Ruling Rightly Renews Scrutiny of Face Recognition - The Federal Trade Commission on Tuesday announced action against the pharmacy chain Rite Aid for its use of face recognition technology in hundreds of stores. The regulator found that Rite Aid deployed a massive, error-riddled surveillance program, ...
6 months ago Eff.org
More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
7 months ago Therecord.media
Hackers Impersonate as Security Researcher Aid Ransom Victims - Hackers impersonate security researchers to exploit trust and credibility. Cybersecurity researchers at Arctic Wolf Labs recently discovered that hackers are actively impersonating security researchers to aid ransomware victims. Compounding the ...
5 months ago Cybersecuritynews.com
U.S. Joins U.K. to Seize LockBit Site, Disrupt Massive Ransomware Variant - The U.S. Department of Justice has partnered with the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group. The LockBit ransomware group is one of the most active ...
4 months ago Americansecuritytoday.com
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
7 months ago Bleepingcomputer.com
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
7 months ago Packetstormsecurity.com
Staying Ahead of Adversarial AI with Incident Response Automation - The security operations community constantly seeks advancements in incident response. Consolidating security telemetry data, upgrading your organization's cybersecurity posture, and integrating with various artificial intelligence and machine ...
5 days ago Securityboulevard.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
7 months ago Bleepingcomputer.com
Hackers breach Australian court hearing database - The court system for Australia's second-most-populated state was hit by a ransomware attack that potentially exposed sensitive recordings of some court hearings. Court Services Victoria, an administrative body that supports the operations of the ...
6 months ago Therecord.media
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
6 months ago Feeds.dzone.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
6 months ago Bloomberg.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
6 months ago Microsoft.com
Hacker Conversations: Runa Sandvik - The driving motivation for almost all cybersecurity researchers is an insatiable curiosity - it's like an itch that must be scratched. How that itch is scratched is the difference between different researchers. Runa Sandvik describes herself as a ...
6 months ago Securityweek.com
Anti-Ransomware Coalition Bound to Fail Without Key Adjustments - COMMENTARY. Ransomware is a pervasive issue affecting businesses of all sizes and industries, and the best way to respond remains hotly debated. While much fanfare coincided with the announcement of a US-led, 40-country coalition to collectively ...
5 months ago Darkreading.com
Estes Declines Ransom Demand Amidst Personal Data Breach and Theft - Estes Express Lines, a major private freight shipping company in the United States, has notified over 20,000 customers about a security breach where their personal information was stolen by unknown hackers. The company revealed that on October 1, ...
5 months ago Cysecurity.news
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
4 months ago Esecurityplanet.com
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
7 months ago Bbc.com
Ransomware Revenue Down 20% in 2022 as More Victims Refuse to Pay: Report - A new report indicates that the average ransom collected by ransomware attackers has declined by 20% in 2022 as more individuals and organizations are opting to not pay ransom demands. The report, which was released by Check Point Research, also ...
1 year ago Securityweek.com
FBI warns on Scattered Spider hackers, urges victims to come forward - Caesars Entertainment Inc MGM Resorts International Microsoft Corp SAN FRANCISCO, Nov 16 - The FBI warned organizations to guard against the Scattered Spider hacking group, which has breached dozens of American organizations over the past year, ...
7 months ago Reuters.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
4 months ago Cybersecuritynews.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
1 month ago Blog.checkpoint.com
Riot Games Refuses to Give in to Hackers' Ransom Demand - Gaming giant Riot Games recently experienced what it calls a “security incident” in which hackers demanded a ransom in exchange for the release of its data. Riot refused to pay and took measures to protect its employees and customers. The company ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)