Cybercrime has become sophisticated, and the latest news is a perfect example of it. Ransomware authors are now being tricked by nasty scammers who divert ransom payments to their own bitcoin wallets, leaving both the victims whose data is encrypted and the criminals spreading the ransomware in jeopardy.
Yes, this is done through Tor proxies: the victim sends the ransom to the hacker's Bitcoin or Monero wallet address shown on the payment page, but another hacker mounts a man-in-the-middle attack on that page and diverts the funds to their own cryptocurrency wallet.
California-based enterprise security company Proofpoint reports that the operators of the onion.top proxy are performing man-in-the-middle attacks with nasty intentions: they substitute their own bitcoin payment addresses for the ones specified in selected ransomware strains' payment pages, so the crypto coins end up in wallets that have no connection to the ransomware attack at all.
Innocent victims whose databases have been encrypted suffer further in all this, because the payment they make never reaches the right hands, and so their files will not be decrypted even after they have paid.
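The substitution described above can be spotted by anyone who holds two copies of the same payment page: the copy fetched directly over Tor and the copy a web-to-Tor proxy handed back. The following Python script is an added example, not code from the article or from Proofpoint: it extracts wallet-address-shaped strings (base58 and bech32 Bitcoin, Monero) from both copies with coarse regular expressions, pairs them by position, and reports which addresses were swapped. The addresses and HTML are constructed placeholders, the regexes perform no checksum validation, and the script assumes the two pages have identical layout apart from the rewritten strings.

```python
import re

# Constructed placeholder addresses (not real wallets) used to build two copies of
# the same payment page: the copy fetched over Tor and the copy returned by a
# web-to-Tor proxy that rewrote the wallet strings.
BTC_DIRECT = "1VictimPayHere" + "A" * 18          # base58 shape: 1 + 31 chars
BTC_PROXY = "3ScammerSwap" + "A" * 20            # base58 shape: 3 + 31 chars
XMR_DIRECT = "4VictimXmr" + "A" * 85             # Monero shape: 4 + 94 chars
XMR_PROXY = "8ScamXmr" + "B" * 87                # Monero shape: 8 + 94 chars
BTC_BECH32 = "bc1qvictimpayheretest" + "0" * 9   # bech32 shape, left untouched by the proxy


def build_page(btc, xmr):
    """Assemble a minimal, constructed ransom payment page around the given addresses."""
    return (
        "<html><body><p>Send 0.5 BTC to <b>" + btc + "</b></p>"
        "<p>Or pay with Monero: <b>" + xmr + "</b></p>"
        "<p>SegWit address: <b>" + BTC_BECH32 + "</b></p></body></html>"
    )


DIRECT_HTML = build_page(BTC_DIRECT, XMR_DIRECT)   # what the .onion site serves
PROXIED_HTML = build_page(BTC_PROXY, XMR_PROXY)    # what the proxy handed back

# Coarse shape-only patterns; they match the address formats, not valid checksums.
ADDRESS_PATTERNS = {
    "btc_base58": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[a-z0-9]{25,59}\b"),
    "xmr": re.compile(r"\b[48][0-9A-Za-z]{94}\b"),
}


def extract_addresses(html):
    """Return {kind: [addresses in page order]} for every pattern in ADDRESS_PATTERNS."""
    return {kind: pat.findall(html) for kind, pat in ADDRESS_PATTERNS.items()}


def compare_pages(direct_html, proxied_html):
    """Pair addresses by kind and position and classify each pair.

    Returns a dict with lists:
      swapped          -> (kind, original, replacement)
      unchanged        -> (kind, address)
      only_in_proxy    -> (kind, address)   extra address injected by the proxy
      missing_in_proxy -> (kind, address)   address removed by the proxy
    """
    direct = extract_addresses(direct_html)
    proxied = extract_addresses(proxied_html)
    report = {"swapped": [], "unchanged": [], "only_in_proxy": [], "missing_in_proxy": []}
    for kind in ADDRESS_PATTERNS:
        d, p = direct[kind], proxied[kind]
        for i in range(max(len(d), len(p))):
            if i >= len(d):
                report["only_in_proxy"].append((kind, p[i]))
            elif i >= len(p):
                report["missing_in_proxy"].append((kind, d[i]))
            elif d[i] == p[i]:
                report["unchanged"].append((kind, d[i]))
            else:
                report["swapped"].append((kind, d[i], p[i]))
    return report


def proxy_tampered(direct_html, proxied_html):
    """True if the proxied copy differs from the direct copy in any wallet address."""
    r = compare_pages(direct_html, proxied_html)
    return bool(r["swapped"] or r["only_in_proxy"] or r["missing_in_proxy"])


if __name__ == "__main__":
    result = compare_pages(DIRECT_HTML, PROXIED_HTML)
    for kind, original, replacement in result["swapped"]:
        print(f"SWAPPED {kind}: {original} -> {replacement}")
    for kind, addr in result["unchanged"]:
        print(f"unchanged {kind}: {addr}")
    print("tampered:", proxy_tampered(DIRECT_HTML, PROXIED_HTML))
```

The same comparison works for a real investigation by replacing the two constructed strings with the response bodies fetched over Tor Browser and through the proxy; a non-empty `swapped` list is the signature of the address-replacement behaviour Proofpoint describes, while `unchanged` entries show that the proxy left other addresses alone.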
Note- A Tor proxy service is a web portal that lets web users access .onion domains hosted on the Tor network without installing Tor Browser.
Researchers from Proofpoint say that the best way to dodge such bitcoin address swapping is not to use Tor proxies like onion.top at all.
Ransomware authors have also started listing only the Tor .onion URL in their ransom notes, advising users to access the payment site only via Tor Browser.
Note- Very recently, the Oxford English Dictionary added the meaning of 'ransomware' to its database. The inclusion came after the UK's NHS fell victim to the WannaCry ransomware, after which many web users started searching Google for the exact meaning of the word.