Hackers have ventured into a novel business tactic that pledges to delete data stolen by ransomware attackers, offering a dubious assurance to victims in exchange for a modest fee, typically ranging from 1 to 2 BTC.
The modus operandi involves certain ransomware groups employing double extortion tactics: first, pilfering data from a targeted organization and subsequently encrypting it until a ransom is paid. Should the victim fail to meet the ransom deadline, these groups resort to selling the purloined data on the dark web for financial gain.
However, even if the demanded ransom is paid, there is no guarantee that the attackers will genuinely delete the information; they may exploit or sell it in the future for nefarious purposes.
Security researchers from ‘Arctic Wolf’ have encountered a group of cyber criminals online, identifying themselves as the “Ethical Side Group.” This entity claims to possess sophisticated tools capable of infiltrating the IT infrastructure of various ransomware groups and eradicating the stolen data, provided the stipulated sum is paid. The Ethical Side Group is currently accessible through Tox Chat, a peer-to-peer messaging platform prominently featured on GitHub.
Summarizing these operations, several concerning conclusions emerge:
1.) Ransomware victims find themselves compelled to pay both the initial attackers for data decryption and the Ethical Side Group for data eradication from crime servers.
2.) The existence of such a service not only perpetuates cybercrime but also lacks certainty in ensuring the actual deletion of data.
3.) The hacking group’s knowledge of ransomware activities raises questions about why they haven’t cooperated with law enforcement to apprehend the perpetrators.
4.) The possibility arises that these individuals are part of ransomware groups themselves, exploiting opportunities to amass additional profits.
5.) Will this data-wiping service evolve into a component of the ransomware-as-a-service business model?
6.) The fluctuating fees demanded by criminals, dependent on the type of stolen information and the financial standing of the victimized organization, pose an escalating cyber threat.
7.) Regardless of the scenario, the targeted organization inevitably suffers losses.
NOTE: It remains uncertain how these developments will unfold, and as of now, no definitive solution has emerged to curtail the proliferation of ransomware groups. Implementing bans on cryptocurrency trading and usage is not a foolproof remedy, and only time will reveal the answers to these pressing questions.