Security News > 2024 > January > Cybercrooks play dress-up as 'helpful' researchers in latest ransomware ruse
Ransomware victims already reeling from potential biz disruption and the cost of resolving the matter are now being subjected to follow-on extortion attempts by criminals posing as helpful security researchers.
Researchers at Arctic Wolf Labs publicized two cases in which casulaties of the Royal and Akira ransomware gangs were targeted by a third party, believed to be the same individual or group in both scenarios, and extorted by a fake cyber samaritan.
"While the personalities involved in these secondary extortion attempts were presented as separate entities, we assess with moderate confidence that the extortion attempts were likely perpetrated by the same threat actor."
What's also unclear is why victims of Royal and Akira ransomware were targeted.
Korn did allude to a suspicion that the individual or individuals behind the extortion attempts may have had access to the resources used by both ransomware gangs.
Researchers are still working to understand many parts of both incidents, including whether the ransomware gangs sanctioned the follow-up extortion attempts or if it was a separate individual or group acting alone.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/10/phony_ransomware_researchers/