Grief threatens to remove file decryption keys if the victim contacts an intermediary
The ransomware group Grief threatens to remove the decryption keys for its victims if they seek help from a middleman, thereby making it impossible for them to recover their data.
As reported by SecurityLab, last week the cyber ransomware group Ragnar Locker threatened victims with automatic publication of their files if they contacted law enforcement or an intermediary firm negotiating with ransomware on behalf of their clients.
Ransomware does not like it when professional negotiators interfere in their affairs, as this can lead to a decrease in profits and a delay in paying the ransom, during which the victim can take appropriate action. The Ragnar Locker group stated that the intermediary firms pursue purely financial gain, and they are not very interested in protecting customers. If the victim turns to professional negotiators, Ragnar Locker threatened to publish the files stolen from her.
This week, the Grief (aka Pay or Grief) group went even further and promised to remove the keys to decrypt files if victims turn to intermediary firms.
Such threats are intended not only to increase pressure on victims, but also to help bypass US sanctions. So, Grief is allegedly associated with the sensational hacker group Evil Corp, against which the US government imposed sanctions. By barring victims from contacting negotiating firms, cybercriminals hope that victims will not be alerted to the risks of sanctions and therefore will not be afraid to pay.
Catch up on more articles here
Follow us on Twitter here