
Scammers Stole Money From Ransomware Virus Attackers

March 10, 2018, by Simeon Georgiev

Hackers and cyber attackers have been a problem for the online community since the inception of the internet. Most hackers attack a website with the intent to cause damage or acquire sensitive data and then use this information to demand money from their targets.

Bitcoin and similar cryptocurrencies are particularly targeted by hackers. This is because these payment methods allow complete anonymity to users. If hackers can crack someone’s online digital wallet, they would be able to transfer money to their own wallet and sell it later on a virtual currency exchange. Even if the victim can somehow find out which IP address was used to hack their system, they cannot do anything to get the coins back.

Ransomware Virus

This virus attack has the potential to deactivate a company’s database and completely freeze its processes. It can be sent through a phishing email. When the user clicks on the link, it activates a macro on the target computer which encrypts all the data on the system. Unless the user has a backup, they become unable to access any of their files or documents.

The hacker then demands money before they will give the user the keys to decrypt and access the files. As Bitcoin offers complete anonymity, hackers often prefer taking payments in cryptocurrencies such as Bitcoin or Ethereum.

Hackers Got Scammed

Recently, hackers who used ransomware viruses to target businesses were tricked by other crooks who used their own programs to redirect payments from the victims to their own accounts.

While this may seem like justice was served, the ultimate losers were the victims of the original hack. They did not receive the decryption keys from the hackers, as the hackers never received the ransom payments.

Cyber attackers trust and use VPN platforms like the TOR project. These platforms allow complete anonymity for users, allowing hackers to appear like normal traffic. All websites on the TOR network have the extension .onion, which is run by the Onion.top proxy.

How the Attack Took Place

It appears that while the hackers were connected to hacked systems, they sent their victims Bitcoin wallet addresses to deposit the ransom money. At the same time, operators of the Onion.top proxy scanned their portals in search of Bitcoin wallet addresses and then replaced these addresses with their own wallet address.

When the victims deposited money into the wallet addresses provided by the ransomware attackers, it went into the wallet of the .onion operators instead of the hackers.

It appears that wallet addresses were switched on several ransomware payment sites that are connected to malware strains like GlobeImposter and LockeR. The owners of these services were able to steal at least 2.2 Bitcoins. This would be something close to $20,000 given the current value of Bitcoin.

Perhaps the most interesting part about this whole event is that it was the hackers who announced what was going on. Anonymous posters on ransomware message boards cautioned other hackers not to use the services of the Onion.top proxy.

Ransom hackers have now started taking steps to ensure that they get money into their own wallets. For example, they have now started breaking their wallet addresses with tags to make it more difficult for site operators to find their wallets.

The individuals who were hacked were the only real victims in this whole affair as they did not receive the decryption keys and lost money as well.

For assistance with file recovery and ransomware removal, please contact MonsterCloud – cyber security experts for professional ransomware removal.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]