Ransomware scammers scammed…

…but that doesn’t help the victims.

John Leyden for The Register: Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery

So the victim pays the original scammer via the onion[.]top  Tor proxy, but another scammer redirects the payment via a Man-in-the Middle attack to their own Bitcoin account, so even if the scammer was intending to give the victim the decryption key for their files, it’s unlikely that he/she/it will if the payment never reaches him/her/it because some other scumbag got to it first. Charming.

Based on a blog post from Proofpoint: Double dipping: Diverting ransomware Bitcoin payments via .onion domains

David Harley

 

*** This is a Security Bloggers Network syndicated blog from The AVIEN Blog authored by DHarley. Read the original post at: https://avien.net/blog/ransomware-scammers-scammed/