"RansomHouse: Bug Bounty Hunters Gone Rogue?"

A new cybercrime group that calls itself RansomHouse is attempting to carve out a niche in the cyber extortion market by hitting organizations, stealing their data, and offering to delete it and provide a full report on which vulnerabilities were exploited and how, if the organization pays what the group demands. Researchers at Cyberint stated that RansomHouse's sole purpose is not to act as another ransomware group but rather to act as a pentesting/bug bounty group that forces its services on whoever does not take organizational security seriously enough.

The group does not encrypt the organization's data; it just steals it and promises to delete it if it gets paid. If the victim doesn't pay up, the group attempts to sell the stolen data or, if no one is interested in buying, leaks it online for everyone to see. The researchers stated that the no-encryption approach is a technique they have seen on the rise lately, although its effect is not always what the threat groups might hope for. They noted that the technique will not work on every organization and that its success depends on what type of data was stolen. For example, it will have a much higher success rate against organizations that are working on secret projects or patents than against a company whose leak contains information on a small number of customers.

The researchers stated that, based on their analysis of the contents of the group's Telegram channels, they believe the group might have a blue and red team background and might even be disgruntled bug bounty hunters.

 

Help Net Security reports: "RansomHouse: Bug Bounty Hunters Gone Rogue?"

Submitted by Anonymous on