A computer and network security company conducted a comprehensive analysis of a ransomware group’s methods, exploring their target selection process, team compensation, and the overall perspective on their activities.
The brief interaction between Daily Dark Web and Ransomed, a ransomware operator, offered valuable insights into the world of cyber handlers, enhancing our understanding of them.
The interview conducted by the cybersecurity company marked the initial installment in a series the interviewer plans to conduct with access brokers, DDoS groups, forum members, and other ransomware groups, as announced on their social media platform.
For the unversed, in August 2023, Ransomed took a step ahead by launching a Telegram channel and registering the domain name ransomed[.]vc. Just six days after initiating the channel on August 15, they publicly revealed the identity of their first victim on August 21.
Ransomed, also known as RansomedVC, claimed responsibility for the recent Airbus cyber attack. However, it was revealed that the actual perpetrator behind the Airbus cyber attack was a hacker named USDoD, who had recently become associated with the ransomedVC group.
Ransomed Interviewed: Modus Operandi of a Ransomware Operator
In the Ransomed interview, the operator (@RansomedVC) was asked 21 questions. The first few questions in the interview of RansomedVC were about the team’s strength, the motivations behind attacks, and choosing the targets and techniques used to deploy ransomware.
In response to the questions in the Ransomed Interview, it became clear that the ransomware group presently has a strength of 77 affiliates along with other groups as partners. As known to most security researchers, RansomedVC is a financially motivated group.
They also target organizations for political reasons making way for further speculations behind their operations so far.
While naming victims, hackers often state the revenue of the company. In the interview, RansomedVC said the lower limit was 5 million in revenue before they launched a cyber attack.
When asked about the attack vector and gaining access to systems, RansomedVC replied, “This is a question to my affiliates :),’ suggesting that the group may only be concerned with the end results leaving the method of reaching the target to the affiliates.
“I don’t care…,” Ransomed replied when asked how they felt about the losses incurred by their targets. They further added that they had no concerns about the individuals who got impacted by their attacks.
Ethics of Hackers Questioned in the Ransomed Interview
“I attack plastic surgery hospitals, so I have some type of defective ethical views but I don’t attack hospitals,” wrote the Ransomed operator in the interview when prodded about ethical barriers stopping them.
To exert more pressure on the ransomed organization, the group plays around GDPR regulations and penalties to compel ransom payments. “Yes, they pay a lot more than with normal ransom way,” they added. This further highlighted the need to adhere to data privacy regulations by organizations that still do not do so fully.
Ransomed made clear that the posts about them using Breached forum were fallacies. They pay hackers on the terms decided internally and often target the US, Canada, Italy, and the EU.
The answer, “Mostly healthcare and Gas industry,” when asked about the organizations that paid a ransom, throws light on the vulnerable targets that paid a ransom to regain access to their data.
When asked, “How much have you earned financially up to this point?,” they answered, “Enough for me, joking haha. Its never enough,” exposing what lures and keeps them on the other side of legal professions.
In the answer to the last question in the interview of Ransomed, it was found that outside of the cybercriminal activities, they own not one, however, a few businesses.
Ransomed also launders the loot through exchanges and carders to be invested in the businesses they own legally.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.