Dubbed “Ransomed,” this group was initially identified by cybersecurity analyst and blogger Flashpoint on August 15th. The group has established a dedicated Telegram channel and is also showcasing a prominent “ransomed” domain name, presumably for their main website.
Know more about Ransomed
“Ransomed is employing an unprecedented extortion method, as indicated by the group’s communications. They exploit data protection regulations such as the EU’s GDPR to intimidate victims with potential fines unless the ransom is paid,” stated Flashpoint.
“This approach represents a deviation from conventional extortion practices, as they manipulate protective statutes to rationalize their illicit assaults.”
Ransomed, currently marketing itself as the “Leading Company in Digital Peace Tax,” attempts to present itself as something more legitimate than a criminal operation. While this concept is not entirely new (many ransomware actors see themselves as pricey penetration testers), Ransomed sets itself apart through its novel extortion techniques.
Rather than resorting to the conventional tactic of data exposure threats, Ransomed employs a distinctive approach. The group exploits data protection regulations, notably the General Data Protection Regulation (GDPR), to coerce victims into paying. The ransom demands are typically considerably lower than potential GDPR fines, making payment an enticing option.
As indicated on its own website, the Ransomed team doesn’t heavily engage in direct hacking. Instead, it functions as an affiliate program, recruiting other hackers to carry out the operational tasks.
According to Flashpoint’s blog post, it remains uncertain whether Ransomed employs a particular ransom method or exclusively pressures victims with data leaks. The group’s Telegram channel initially sought partners but has ceased recruitment, mentioning new members without revealing attack specifics.
The group’s current roster features only nine victims. One seems to have paid; another’s details were “removed by request” and might be reinstated if no payment arrives. The remainder either haven’t paid or are in the midst of doing so.
The group openly reveals its location, urging partners to steer clear of targeting Ukraine or Russia due to the origins of most operators. The group also sets conditions, including not attacking critical infrastructure without consent and providing original data, not recycled from previous leaks.
As Flashpoint highlights, we’re still in the early stages with this team, and confirming the authenticity of the claimed data might prove challenging.