Ransomware viruses represent a huge problem for Internet users around the world. This is a form of malicious software that encrypts files, operating systems, and even websites. Hackers demand ransom payments in return for the decryption keys.
Distributors of ransomware were recently tricked by other get-rich-quick crooks, who redirected victims' ransom payments to their own wallets.
At first glance this may look like a minor matter – crooks robbing other crooks. However, in this case the ransomware victims could not unlock their encrypted files, because the distributors of the malware never received the ransom payments.
This case is considered to be the first of its kind. How did it happen?
Cybercriminals trust and use many VPN services, but for web anonymity they also rely on the Tor browser. All websites in this network use the .onion suffix. Almost all ransomware strains provide instructions for downloading the Tor browser, but some instead provide only links to Tor proxies that translate Tor traffic into ordinary web traffic.
The latter method matters to hackers who want to make the payment process as simple as possible: for the victim it is much faster and easier to follow a link than to download an additional program.
The operators of the Onion.top proxy secretly scanned the dark-web pages served through their portal for Bitcoin addresses and replaced them with their own wallet addresses.
Bitcoin addresses were changed on several ransomware payment sites that are connected to such prominent malware strains as LockeR, GlobeImposter and Sigma.
The owners of the service managed to steal at least 2.2 Bitcoins.
Notably, the scheme came to light because the hackers themselves announced it: ransomware authors urged victims not to use the unreliable Onion.top proxy.
The aggrieved extortionists are now taking countermeasures against this unprecedented treachery. They strongly recommend using only the Tor browser, and they have started splitting the wallet address with HTML tags so that it is harder to find automatically on the page.
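The substitution described above is detectable by whoever can compare two copies of the same .onion page, one fetched directly in the Tor browser and one served through the proxy. The following is an added example written for this article, not code from the article, from Onion.top or from any ransomware operator: it extracts Base58Check-valid legacy Bitcoin addresses from each copy, re-joining fragments that were split across tags, and reports any address that appears only in the proxied copy. The sample pages and the second address are constructed for the example.

```python
import hashlib
import re
from typing import List, Optional

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check_decode(s: str) -> Optional[bytes]:
    """Return the payload of a Base58Check string, or None if the checksum fails."""
    n = 0
    for ch in s:
        idx = B58.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    body = b"\x00" * (len(s) - len(s.lstrip("1"))) + body  # each leading '1' is a zero byte
    if len(body) < 5:
        return None
    payload, checksum = body[:-4], body[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload if digest[:4] == checksum else None

def b58check_encode(payload: bytes) -> str:
    """Inverse of b58check_decode; used here only to build the constructed sample address."""
    raw = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

TAG_RE = re.compile(r"<[^>]+>")
CAND_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def find_bitcoin_addresses(html: str) -> List[str]:
    """Legacy (P2PKH/P2SH) addresses in a page, after re-joining fragments split by tags."""
    text = TAG_RE.sub("", html)  # dropping markup undoes the tag-splitting trick
    found = []
    for m in CAND_RE.finditer(text):
        payload = b58check_decode(m.group())
        if payload is not None and len(payload) == 21 and payload[0] in (0x00, 0x05):
            found.append(m.group())
    return found

def substituted_addresses(direct_html: str, proxied_html: str) -> List[str]:
    """Addresses present in the proxied copy that the directly fetched copy does not contain."""
    return sorted(set(find_bitcoin_addresses(proxied_html)) - set(find_bitcoin_addresses(direct_html)))

# Constructed sample pages, not captured from any real site: the direct copy splits the
# address across tags; the proxied copy carries a different, made-up address in its place.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SWAPPED = b58check_encode(b"\x00" + bytes(range(20)))
DIRECT_PAGE = f"Pay to: <b>{GENESIS[:16]}</b><b>{GENESIS[16:]}</b>"
PROXIED_PAGE = f"Pay to: <b>{SWAPPED}</b>"
```

Running `substituted_addresses(DIRECT_PAGE, PROXIED_PAGE)` returns the one address that only the proxied copy carries; an empty list means the two copies agree.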
As noted above, recent victims, such as the state of Alabama, are the only real losers in this case. They paid thousands of dollars in ransom but did not get their files back, because the distributors of the crypto-viruses never received their Bitcoins.
Users can avoid ransomware by not opening suspicious email attachments or links received from strangers. It is also important to make regular backups of your files: even if you are hit, you will not have to pay the ransom.
Article by David Balaban