Several digital gangs have gone back on their pledge to honor the ransomware payments made by victims.

The Digital Criminals Who Went Against Their Word

In its Quarterly Ransomware Report for Q3 2020, Coveware notes that nearly half of the ransomware attacks it had tracked during that quarter had included the threat to leak unencrypted data. Yet, multiple gangs did not always delete victims’ stolen data even if they received ransomware payments for that express purpose.

For example, the Sodinokibi/REvil gang extorted victims again for the same data just a few weeks after having received a ransom payment. This group made headlines back in early July last year when KrebsonSecurity learned the attackers were auctioning off the data stolen from an agricultural company.

A few months later, Naked Security wrote about how REvil’s handlers had used $1 million in an attempt to attract more affiliates. In November, the gang behind REvil acquired KPOT, a family of info-stealing malware. The Sodinokibi/REvil gang indulged in its greed for more ransomware payments. By contrast, the Maze group might have eschewed ransoms (willfully or by accident). They published stolen data on their leaks site before users even knew that attackers had stolen it.

In late October, Bleeping Computer covered the retirement of all of Maze ransomware’s attack operations and the migration of many of Maze’s affiliates to Egregor, a seemingly related crypto-malware strain.

Other attackers stood out for their decision to post stolen data after having received payment from their victims. Meanwhile, the Conti gang made noise by showing fake files to their victims as proof of deletion. This tactic enabled the attackers to return for more rounds of extortion in the future, if they so chose.

How to Deal With Ransomware Payments

The findings above raise an important question. Should you pay a ransomware attacker?

The answer is no. There is no guarantee a victim will receive a working decryption tool for their data even if they pay. Also, as Coveware’s report shows, there is no way to verify that attackers will really delete their victims’ data.

In paying a ransomware attacker, victims could also end up incurring fines from the U.S. government.

The U.S. Department of the Treasury in October 2020 clarified that it marked several malicious actors responsible for helping to create or distribute ransomware on its cyber sanctions program. Payments to those actors could help attackers fund more campaigns. These in turn could harm the United States’ national security and foreign policy.

As a result, the Treasury Department announced that it could impose civil liabilities on individuals who send ransomware payments to those actors — even if they didn’t know that what they were doing went against sanctions.

Users and organizations can respond to this development by focusing on their ability to prevent a ransomware infection. They can do this in a few ways. First, make sure you have working data backups. Be sure employees are familiar with phishing attacks and other digital threats. You can also use ongoing awareness training to cultivate such awareness throughout the workforce.

In addition, use threat intelligence to stay informed about evolving ransomware and ransomware payment trends and techniques so that you can better defend your organization.

More from News

Hackers are Increasingly Targeting Auto Dealers

Auto dealerships are increasingly concerned with cybersecurity in the face of new regulations and an alarming rise in cyberattacks. The Second Annual Global State of Cybersecurity Report by CDK Global found that 85% of dealerships say cybersecurity is very or extremely important relative to other operational areas. Additionally, 89% say cybersecurity is more important than last year, a 12% increase. Not surprisingly, only 37% of auto retailers are confident in the current protection, which is a 21% decrease from 2021.…

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers. A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords…

Good Guys Decrypt Ransomware Targeting Charitable Groups

Imagine you’re an IT manager amid a ransomware attack. While your team scrambles for solutions, the intruders demand a ransom. Of course, you don’t want to pay; you just want your files back. But as time ticks by and the extortionists turn up the heat, your bosses are about to give in and pay the ransom. But then, the FBI calls. “Don’t pay,” the agent says. “We’ve found someone who can crack the encryption.” Sound too good to be true?…

Threat Groups Offer $240k Salary to Tech Jobseekers

Dark web forums are home to various individuals interested in conducting illicit or questionable activities. These forums offer opportunities such as the transaction of stolen data, Malware-as-a-Service, hacking services and invitations to collaborate in hacktivism. Cyber crime team members are recruited directly from the source: the dark web. What does this activity look like? Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022. They examined job postings and resumes that contained information about…