"'Security Researcher' Offers to Delete Data Stolen by Ransomware Attackers"
When an organization faces a ransomware attack and pays the malicious actors behind it to decrypt the encrypted data and delete the stolen data, there is no guarantee that the criminals will do what they promised. Even if an organization's data is decrypted, there is no guarantee that the stolen data has been wiped and will not be used or sold in the future. Someone is attempting to exploit this fact by impersonating a security researcher and asking victimized organizations if they want them to hack into the server infrastructure of the ransomware groups involved in order to delete the stolen data. Arctic Wolf security researchers came across the offer twice, in two separate cases in October and November 2023. This article continues to discuss findings regarding a threat actor posing as a security researcher.
Submitted by grigby1