In the realm of cyber threats, a fresh extortion method has emerged, catching the attention of researchers. A cyber gang, operating through a blog named Ransomed, is using an unusual approach that raises concerns.
The Unconventional “Digital Peace Tax”
A recent report from cybersecurity firm Flashpoint has revealed the workings of a cyber gang that employs a distinct method to extort payments from victims. The gang, working through the platform Ransomed, doesn’t follow the usual path of encrypting files. Instead, they threaten victims with fines under data protection laws like the EU’s General Data Protection Regulation (GDPR). This different approach exploits the fear of legal actions, pushing victims to pay to protect their stolen data.
Ransomed’s Intentions and Methods
The Flashpoint report sheds light on the unique nature of the Ransomed gang’s operations. The gang calls their demands a “Digital Peace Tax,” a term that sounds official. A similar strategy is used by the LockBit ransomware group, which pretends to offer a “post-paid penetration testing service.” However, a key question remains: Can the gang follow through with their threats, or are they just bluffing?
Uncertainty Surrounding Ransomed’s Origins and Ties
The origin of the Ransomed gang is unclear, but there are hints of possible connections to other platforms involved in data leaks. Researchers suggest links to sites like BreachForums and Exposed, which are known for engaging in cybercrime. These sites have faced issues due to financial troubles or mismanagement, adding to the mystery surrounding the gang’s motives.
Strategic Demands: Finding the Right Balance
Ransomed’s ransom requests are thoughtfully calculated. The gang asks for 50,000 to 200,000 euros, considerably less than the hefty fines imposed by GDPR. This approach aims to make victims more likely to comply. By setting a ransom amount that seems smaller compared to potential legal penalties, the gang hopes to exploit victims’ decision-making process.
Cryptocurrency and Credibility: Revealing Payment Methods
In an unusual move, Ransomed publicly shares two Bitcoin addresses for payments, unlike most cyber gangs that prefer secrecy. This raises questions about the gang’s confidence and their strategies to ensure victims pay up.
Questioning Credibility: Is It Real?
As of now, Ransomed has listed several well-known companies on its blog, but there’s limited evidence that these attacks actually happened. It’s possible that Ransomed is driven by financial motives and is one of several short-lived projects by its creators, according to researchers.
While the full extent of Ransomed’s impact remains uncertain, its unique extortion methods highlight a new way that cyber criminals are dressing up their illegal activities.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.