A group of hackers is fighting back against online scammers by targeting “scam” companies with ransomware and denial of service attacks.
A new ransomware called MilkmanVictory was recently discovered online and the hackers behind it, who call themselves CyberWare, revealed in a post on Twitter (opens in new tab) that they created it specifically to send to scammers.
BleepingComputer (opens in new tab) also spoke to the group who said they have begun targeting companies performing what they refer to as “loan scams”. In these scams, victims are told that they will receive a loan after making a payment to a company but in reality there is no loan and no way for them to get their money back.
- Lock My PC fights tech support scammers with free recovery keys
- Hackers turn supercomputers into cryptocurrency mining rigs
- We've also highlighted the best ransomware protection
This isn't the first time we've seen hackers targeting other hackers as back in March of this year, Cybereason discovered that hackers were modifying existing hacking tools by injecting a powerful remote-access Trojan into them.
As part of its new campaign against scammers, CyberWare is sending phishing emails containing links to executables disguised as PDF files. The group is also conducting denial of service attacks to bring down scam company's websites.
The MilkmanVictory ransomware is being distributed as a destructive wiper attack as it does not provide victims with a way to contact the attackers and does not save the encryption key. Instead victims receive a ransom note on their computers which reads: “Hello!, This computer has been destroyed with the MilkmanVictory Ransomware because we know you are a scammer! - CyberWare Hackers :-)”.
Apparently the new ransomware is based on HiddenTear and because of this, if a key is not saved, it can still be decrypted using brute force attacks.
CyberWare claims to have targeted the German Lajunen Loan company with a DDoS attack and emails spreading its ransomware. At the time of writing, the company's website is still down which gives credence to the group's claims.
- Also check out our roundup of the best endpoint protection software