The hackers-punishers said that the scammers deceive their innocent victims, telling them that they can give them a "loan". However, the victims they must first give them a sum of money. Of course, the loan is never given.
Punishment hackers launch their attacks with the mission Phishing emails, containing links to executable that appear as files PDF. They also conduct DdoS attacks, to cause trouble to sites of companies.
MilkmanVictory ransomware actually works like one catastrophic wiper.
The hackers-punishers they don't ask money from their scammers. Instead, they leave a message stating that computer they were destroyed because "we know you are a scammer!".
The hacking team claims to have already targeted the German company Lajunen Loan, whose website is currently out of order after a DDoS attack and emails distributed by ransomware.
The attackers said the ransomware was based on HiddenTear, which means that even if a key is not saved, it can be decrypted via brute force attacks.
HiddenTear victims can recover archives them for free, using it Michael Gillespie's Hidden Tear Decryptor.