The emerging ransomware collective “Ransomed” has adopted a novel extortion strategy.

Home/Compromised, Evilproxy, Internet Security, malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Tips/The emerging ransomware collective “Ransomed” has adopted a novel extortion strategy.

The emerging ransomware collective “Ransomed” has adopted a novel extortion strategy.

Dubbed “Ransomed,” this group was initially identified by cybersecurity analyst and blogger Flashpoint on August 15th. The group has established a dedicated Telegram channel and is also showcasing a prominent “ransomed” domain name, presumably for their main website.

Know more about Ransomed

“Ransomed is employing an unprecedented extortion method, as indicated by the group’s communications. They exploit data protection regulations such as the EU’s GDPR to intimidate victims with potential fines unless the ransom is paid,” stated Flashpoint.

“This approach represents a deviation from conventional extortion practices, as they manipulate protective statutes to rationalize their illicit assaults.”

Ransomed, currently marketing itself as the “Leading Company in Digital Peace Tax,” attempts to establish legitimacy beyond mere illegitimate operations. While this concept is not entirely novel – many ransomware actors see themselves as pricey penetration testers – Ransomed sets itself apart through its novel extortion techniques.

Rather than resorting to the conventional tactic of data exposure threats, Ransomed employs a distinctive approach. The group exploits data protection regulations, notably the General Data Protection Regulation (GDPR), to coerce victims into paying. The ransom demands are typically considerably lower than potential GDPR fines, making payment an enticing option.

As indicated on its own website, the Ransomed team doesn’t heavily engage in direct hacking. Instead, it functions as an affiliate program, recruiting other hackers to carry out the operational tasks.

According to Flashpoint’s blog post, it remains uncertain whether Ransomed employs a particular ransom method or exclusively pressures victims with data leaks. The group’s Telegram channel initially sought partners but has ceased recruitment, mentioning new members without revealing attack specifics.

The group’s current roster features only nine victims. One individual seems to have paid, another’s details were “removed by request,” which might be reinstated if no payment arrives. The remainder either haven’t paid or are in the midst of doing so.

The group openly reveals its location, urging partners to steer clear of targeting Ukraine or Russia due to the origins of most operators. The group also sets conditions, including not attacking critical infrastructure without consent and providing original data, not recycled from previous leaks.

As Flashpoint highlights, we’re still in the early stages with this team, and confirming the authenticity of the claimed data might prove challenging.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!