January 9, 2024 at 04:13PM
Threat actors impersonating security researchers targeted ransomware victims, offering to hack back attackers and delete stolen data for a fee. Arctic Wolf found instances of this scam targeting organizations hit by Royal and Akira ransomware. The scammers used consistent communication methods, indicating a single actor behind both attempts. This adds to the challenges faced by ransomware victims, compounding their financial burden.
After reviewing the meeting notes, I have extracted the following key takeaways:
1. Organizations affected by the Royal and Akira ransomware groups have been targeted by a threat actor posing as a security researcher, offering to hack back the original attacker and delete stolen victim data for a fee.
2. Both Royal and Akira ransomware operations employ the double extortion tactic, encrypting victim systems after stealing information and threatening to leak the data unless a ransom is paid.
3. Arctic Wolf has investigated cases where victims of these ransomware groups who paid a ransom were subsequently approached by a threat actor purporting to be an ethical hacker or security researcher, offering to provide proof of access to stolen data and delete it for a fee.
4. The scammer used specific monikers and communicated through instant messaging programs, suggesting a consistent modus operandi across multiple attempted scams.
5. These scamming attempts underscore the complex challenges faced by ransomware victims, highlighting additional risks that can compound the financial burden for affected organizations.
If there are any further details or specific actions required based on this information, please feel free to let me know.