Bleeping Computer reports an unusual hacker campaign launched this month.
Last week, a security specialist known by the pseudonym GrujaRS was the first to notice the appearance of an unusual piece of ransomware, MilkmanVictory. As it turned out, this malware was created by hackers from the CyberWare group, and its main task is not to extort a ransom for decrypting data, as is usually the case, but to destroy information. The ransomware was created for attacks against scammers.
This is a ransomware I made to send to scammers.
MAY I ASK WHY YOU ARE MAKING THINGS ABOUT ANTI-SCAMMER RANSOMWARE
– CyberWare (@LiteMods) May 16, 2020
Representatives of the CyberWare group first announced themselves on Twitter, and then agreed to answer questions from Bleeping Computer journalists. The group explains that the main target of their campaign is companies involved in so-called credit fraud.
“The victims say they were promised a loan, but it turned out that they first had to pay (the scammers), only to get nothing in the end,” the hackers say.
In particular, the group attacked the German company Lajunen Loan, whose site is currently unavailable. CyberWare members launched a DDoS attack on the site, and also sent phishing emails to the company’s addresses that delivered MilkmanVictory. These messages contain links to malicious executable files disguised as PDF files.
MilkmanVictory was conceived as a wiper (from the English “to wipe”, meaning to erase). That is, this malware intentionally does not save the encryption key and does not invite victims to contact the hackers to pay a ransom. Instead, the message that the malware leaves behind reads:
“Hello! This computer was destroyed by the MilkmanVictory ransomware because we know that you are a scammer! CyberWare Hackers 🙂”.
CyberWare emphasized that they did not extort money from scammers, since fraudsters who steal funds from innocent people do not deserve this.
Journalists at Bleeping Computer note that MilkmanVictory was built on the basis of the well-known open-source ransomware Hidden Tear, which has long been studied by information security experts. This means that even if the encryption key has not been saved, the affected data can still be restored. For example, the free Hidden Tear Decryptor tool, created by renowned information security expert Michael Gillespie, can be used for this.