Skip to main content

'Robin Hood of ransomware' wreaks revenge on shady businesses

(Image credit: Shutterstock)
Audio player loading…

A group of hackers is fighting back against online scammers by targeting “scam” companies with ransomware and denial of service attacks.

A new ransomware called MilkmanVictory was recently discovered online and the hackers behind it, who call themselves CyberWare, revealed in a post on Twitter (opens in new tab) that they created it specifically to send to scammers.

BleepingComputer (opens in new tab) also spoke to the group who said they have begun targeting companies performing what they refer to as “loan scams”. In these scams, victims are told that they will receive a loan after making a payment to a company but in reality there is no loan and no way for them to get their money back.

This isn't the first time we've seen hackers targeting other hackers as back in March of this year, Cybereason discovered that hackers were modifying existing hacking tools by injecting a powerful remote-access Trojan into them.

Targeting scammers

As part of its new campaign against scammers, CyberWare is sending phishing emails containing links to executables disguised as PDF files. The group is also conducting denial of service attacks to bring down scam company's websites.

The MilkmanVictory ransomware is being distributed as a destructive wiper attack as it does not provide victims with a way to contact the attackers and does not save the encryption key. Instead victims receive a ransom note on their computers which reads: “Hello!, This computer has been destroyed with the MilkmanVictory Ransomware because we know you are a scammer! - CyberWare Hackers :-)”.

Apparently the new ransomware is based on HiddenTear and because of this, if a key is not saved, it can still be decrypted using brute force attacks.

CyberWare claims to have targeted the German Lajunen Loan company with a DDoS attack and emails spreading its ransomware. At the time of writing, the company's website is still down which gives credence to the group's claims.

Via BleepingComputer (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.