Two ransomware groups fight inside victims’ computer network


For the first time in cyber history, two ransomware groups were found fighting inside a victim’s computer network, trying their best to encrypt each others ransom note and trying to hijack the ransom paid. But did they succeed?

Going forward with the details, a Canadian Healthcare Organization (HCO) was targeted by Conti and Karma ransomware gangs. While the latter chose to just steal the data from the database and did not encrypt any info. The former took a step forward and encrypted the entire database after stealing a portion of data.

The highlight is that the Conti Ransomware group hijacked the ransom note left by Karma Ransomware Group and openly revealed that the victim should pay them the ransom if they wanted their database to be freed from the malware. And specified that the ransom note posted by the Karma gang should be ignored.

Security analysts state that the victimized company could have gone through a nightmare when two file encrypting malware spreading gangs hit the same target. Preliminary analysis discovered that the attack took place with the exploitation of a vulnerability on Microsoft Exchange Servers.

Sean Gallagher, a senior threat researcher at Sophos threw some light on what exactly happened- In August last year, the Karma Ransomware Gang infiltrated the network of the HCO and dropped a ransom note in December 2021 that it will release the stolen data into the web, if the victim doesn’t bow to their demands.

Surprisingly, Conti ransomware gang somehow jumped into the network and hijacked the entire process and took control of the malware driven computers, thus neutralizing the effect of Karma on the network.

Sophos did its best to technically deal with the scenario and pull out the victim from the cyber incident.

Did the victimized healthcare company pay a ransom?

Well, it has to be confirmed yet; as more details are still awaited !


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display