Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery
Of course this does nothing for victims' encrypted files
By John Leyden, 30 Jan 2018
Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets.
Ransomware scammers have long directed victims to payment portals on the Tor network. For those who do not want to or cannot install the Tor browser necessary to pay their ransoms, operators generally direct victims to a Tor proxy such as onion.top or onion.to, which allows users to access the Tor network via standard web browsers.
But, in what appears to be the first such attack of its kind, operators of an onion.top proxy are performing man-in-the-middle attacks to substitute their own Bitcoin payment addresses for those originally specified in selected ransomware strains, net security firm Proofpoint reports...
theregister.co.uk
related -
Less than half of paying ransomware targets get their files back
Shock revelation: criminals prove to be untrustworthy
...The report says that 55 per cent of the people it surveyed reported a malware infection hitting their systems in 2017. Spain had the highest rate, with 80 per cent of respondents reporting malware, followed by companies in China (74 per cent) and Mexico (71.9 per cent). In the US, 53.8 per cent of respondents were hit by ransomware, while slightly under half of those in the UK, 49.5 per cent, were hit. Overall, 72.4 per cent of those who were infected with ransomware were able to get their data back. Most of those, however, were companies that simply ignored the ransom demands, then restored their systems with uninfected backup copies. The study found that 86.9 per cent of those who refused to pay the demand ended up recovering their data.
Of those who caved to the demand and paid the ransom, 49.4 per cent said they could recover their data, while 50.6 ended up losing it anyway. The not-so-shocking conclusion is that criminals don't always stay true to their word. ...
theregister.co.uk