Ransomware scammers scammed…

…but that doesn’t help the victims.

John Leyden for The Register: Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery

So the victim pays the original scammer via the onion[.]top Tor proxy, but another scammer redirects the payment to their own Bitcoin account via a Man-in-the-Middle attack. Even if the original scammer was intending to give the victim the decryption key for their files, it’s unlikely that he/she/it will if the payment never reaches him/her/it because some other scumbag got to it first. Charming.

Based on a blog post from Proofpoint: Double dipping: Diverting ransomware Bitcoin payments via .onion domains

David Harley


