In recent developments, it has been revealed that some organizations targeted by the Royal and Akira ransomware gangs have fallen victim to a new threat. A threat actor has been posing as a security researcher, offering to hack back the original attacker and delete stolen victim data.
Both Royal and Akira ransomware operations are known to utilize the double extortion tactic, in which they encrypt victim systems after stealing information and threaten to leak the data unless a ransom is paid.
According to cybersecurity company Arctic Wolf, there have been several cases where victims of these two ransomware groups, who have already paid a ransom, were approached by a threat actor claiming to be an ethical hacker or security researcher. This imposter offered to provide proof of access to the stolen data still on the attacker’s servers and claimed they could delete it for a fee of up to five Bitcoins, equivalent to around $190,000 at the time.
Arctic Wolf’s report cites two cases from October and November 2023, in which the cybercriminal contacted organizations that had been compromised by Royal and Akira ransomware. The imposter used different aliases and falsely attributed the attacks to various gangs, demonstrating the complexity and cunning tactics used by these threat actors.
It was also noted that one of the victims had engaged in negotiations with the ransomware actor a year before the recent scam attempt, highlighting the long-term impact and ongoing threats faced by victims of such attacks.
Furthermore, Arctic Wolf reports that the initial communication with the threat actor contained ten common phrases, suggesting that the same individual was behind both scam attempts. This indicates a pattern of behavior and persistence on the part of the threat actor.
Ransomware attacks continue to present a multitude of challenges for victims, extending beyond the immediate crisis of encrypted and stolen data. These recent scam attempts serve as a stark reminder of the multi-faceted nature of the problem and the additional risks that can compound the financial burden for ransomware victims.
In conclusion, the evolving tactics and deceptive strategies employed by threat actors in the realm of cybersecurity underscore the need for constant vigilance and robust security measures. The impact of ransomware attacks is far-reaching and poses significant challenges for organizations of all sizes. It is essential for businesses to stay informed and take proactive steps to protect themselves from such threats.