Cyber Crooks’ New Low: Fake Samaritans Extort Ransomware Victims for Bitcoin Bounty

Beware the cyber wolf in researcher’s clothing! Ransomware victims, meet your faux savior. Offering a hack-back service for a mere 5 Bitcoin, this digital double-crosser masquerades as a security guru. But alas, it’s just a re-extortion ruse. Stay sharp; these criminals don’t come with capes.

Hot Take:

Oh, the audacity! Just when you thought your digital nightmare was over, along comes a faux-caped crusader promising to delete your stolen data for a fee that would make Batman go broke. Call it a ‘ransomware remix’ – because apparently, getting hit once is just not enough these days.

Key Points:

  • Victims of Royal and Akira ransomware attacks were re-targeted by a fake security researcher for post-exploitation “help”.
  • The faux researcher demanded around 5 Bitcoin ($225,823) to supposedly delete or return the stolen data.
  • Arctic Wolf Labs sniffed out the scam, noting similarities in the extortion attempts, suggesting the same actor behind both.
  • Re-extortion isn’t new, but this twist involves a third party rather than the original ransomware group.
  • Neither of the targeted US-based SMBs caved to the pressure, and the scammer’s identity remains elusive.

Need to know more?

The Plot Twist in the Ransomware Saga

Imagine surviving a ransomware horror show only to be approached by a so-called "security researcher" who's actually a wolf in geek's clothing. These cyber ne'er-do-wells offered a deal too shady to be true: hack back the data from ransomware gangs for a hefty Bitcoin bounty. But Arctic Wolf Labs played detective and followed the breadcrumb trail of digital deceit, linking the extortive offers to a single master of disguises.

Deja Vu with a Bitcoin Price Tag

Remember that one time when getting double-crossed was just in movies? Well, these victims faced a plot twist worthy of a Hollywood thriller – a follow-up shakedown promising to put the digital demons back in their box. All it would cost was a mere 5 Bitcoin ransom – pocket change if your pockets are deeper than the Mariana Trench.

A Not-So-Original Sin

It's like Groundhog Day with a cyber twist – re-extortion is the sequel nobody asked for. Typically, the original ransomware culprits would circle back for seconds, but now we've got freelancers jumping into the game. The nerve of these guys, right? It's a competitive market out there for cyber thugs.

The Not-So-Great Pretenders

The audacious scammer donned various aliases, trying on different hacker hats like a kid in a costume shop. They posed as the "Ethical Side Group" and "xanonymoux," but their lack of notoriety in the cybercrime scene suggests these names were as disposable as their morals.

The Usual Suspects... Or Not?

While the extortionist knew their stuff, spouting specifics about the data heist, the Arctic Wolf sleuths suspect this was a solo act – a rogue ransomware Robin Hood without the giving back part. With two US SMBs standing strong against the Bitcoin bandits, the plot continues to thicken as the investigators piece together this digital cloak-and-dagger caper.

And so, the mystery lingers like the last person at a party who can't take a hint. Was this the work of a lone wolf or a sanctioned side hustle by the ransomware gangs? The cyber soap opera continues, and the credits have yet to roll.

Tags: Akira ransomware, Bitcoin Extortion, Cybercrime Tactics, Ransomware Extortion, Royal Ransomware, Security Researcher Scam, threat intelligence research