Security News > 2024 > January > “Security researcher” offers to delete data stolen by ransomware attackers
When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as they promised.
Even if an organization gets its data decrypted, they cannot be sure the stolen data has indeed been wiped and won't subsequently be used or sold.
Someone is trying to take advantage of that fact, by posing as a security researcher and asking victimized organizations whether they would like them to hack into the server infrastructure of the ransomware groups involved to delete the exfiltrated data.
"Based on [those] common elements we conclude with moderate confidence that a common threat actor has attempted to extort organizations who were previously victims of Royal and Akira ransomware attacks with follow-on efforts," researchers Stefan Hostetler and Steven Campbell noted.
In both instances, Arctic Wolf was working with the victims of the original ransomware attacks in IR-only engagements, a company spokesperson told Help Net Security.
"In both instances, file listings were provided by the threat actor but no file contents were given. The total amount of data exfiltrated was also accurately reported by the threat actor."
News URL
https://www.helpnetsecurity.com/2024/01/09/delete-stolen-data-ransomware/