A hacker group known as CyberWare is using a new ransomware called MilkmanVictory to target companies that, it believes, are carrying out loan scams.
The CyberWare hacker group has been targeting a number of companies with DDoS attacks and ransomware infections to either take down their sites or to wipe their computers of all data. However, it may not be appropriate to term the malware as ransomware as the hacker group is only targeting companies because they deserve it and not because it wants to earn money.
“I do not ask for money because scammers do not deserve money for scamming innocent people,” a hacker from CyberWare told Bleeping Computer. Instead, ransom notes accompanying malware attacks state that the targeted computers were destroyed because “we know you are a scammer!”
However, companies that have been targeted by CyberWare can still recover their data by using various Hidden Tear Decryptor tools as the ransomware MilkVictory is based on Hidden Tear. The ransomware was first observed in 2015 and is known to target computers running Microsoft Windows.
Commenting on a hacker group using cyber attacks for a supposedly noble cause, Chris Hauk, Consumer Privacy Champion at Pixel Privacy, says that while this attack highlights the new breed of “vigilante” hackers that feel they are getting revenge on companies that have in their opinion scammed other users, the main danger here is the ambiguity around who makes the decisions on which companies to target, and what exactly is an offence that deserves to be revenged.
According to Javvad Malik, Security Awareness Advocate at KnowBe4, it can be very hard to sympathise with scammers and other criminals which get struck by ransomware or DDoS attacks. However, taking down bad guys is not the job for the average person, and should be left to law enforcement.
“One of the challenges with hacking bad guys is that they often operate using infrastructure that they themselves have compromised. So, many times launching an attack against them can result in innocent victims being caught in the virtual crossfire,” he adds.
A very popular example of vigilante hacker groups is Anonymous that has been operating covertly for years. The hacker group gained fame in 2017 after it took out the Daily Stormer, a website owned and operated by White Supremacists and far-right activists. The hacking attack took place after a protest rally led by White Supremacists and far-right activists in Charlottesville, Virginia, turned violent and resulted in racial clashes and the death of an anti-fascist protester.
In the same year, Anonymous also targeted websites run by Spain’s Ministry of Public Works & Transport and its constitutional court in support of a referendum calling for independence of Catalonia from Spain.