Menu
On Monday 13th, an announcement has been released by Grief ransomware gang. They warn that they will delete their victims’ decryption keys if they are found to be hiring any negotiation firm which would lead to it being impossible to recover encrypted files.
” We wanna play a game. If we see professional negotiator from Recovery Company™ – we will just destroy the data. Recovery Company™ as we mentioned above will get paid either way. The strategy of Recovery Company™ is not to pay requested amount or to solve the case but to stall. So we have nothing to loose in this case. Just the time economy for all parties involved. What will this Recovery Companies™ earn when no ransom amount is set and data simply destroyed with zero chance of recovery? We think – millions of dollars. Clients will bring money for nothing. As usual” – Grief ransomware gang
This announcement hasn’t been taken lightly as the Ragnar Locker ransomware group released a similar announcement and have already claimed to have published a victim’s entire stolen data after they hired a ransomware negotiator. There was a concern that was brought up when Ragnar Locker’s announcement was made. There are also beliefs that this tactic has also been adapted as Grief ransomware gang is believed to have connections to the Russian hacking group known as Evil Corp, which the US government have sanctioned.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
