Security News > 2024 > January > “Security researcher” offers to delete data stolen by ransomware attackers
When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as they promised.
Even if an organization gets its data decrypted, they cannot be sure the stolen data has indeed been wiped and won't subsequently be used or sold.
Someone is trying to take advantage of that fact, by posing as a security researcher and asking victimized organizations whether they would like them to hack into the server infrastructure of the ransomware groups involved to delete the exfiltrated data.
"Based on [those] common elements we conclude with moderate confidence that a common threat actor has attempted to extort organizations who were previously victims of Royal and Akira ransomware attacks with follow-on efforts," researchers Stefan Hostetler and Steven Campbell noted.
In both instances, Arctic Wolf was working with the victims of the original ransomware attacks in IR-only engagements, a company spokesperson told Help Net Security.
"In both instances, file listings were provided by the threat actor but no file contents were given. The total amount of data exfiltrated was also accurately reported by the threat actor."
News URL
https://www.helpnetsecurity.com/2024/01/09/delete-stolen-data-ransomware/
Related news
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- WeChat devs introduced security flaws when they modded TLS, say researchers (source)
- Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Germany drafts law to protect researchers who find security flaws (source)