HomesecurityGrief ransomware: We will destroy the decryption key if a trader is hired

Grief ransomware: We will destroy the decryption key if a trader is hired

The ransomware Grief gang threatens to delete the victims' decryption keys if they hire a trading company, making it impossible to recover encrypted files.

Grief ransomware

See also: Olympus: The Japanese giant victim of BlackMatter ransomware?

Last week, it was reported that the Ragnar Locker ransomware gang threatened to automatically publish the stolen data of a victim if they were communicating with law enforcement or trading companies.

The ransomware gangs do not like professional traders to get involved in the attacks, as it can lead to reduced profits and lost time while the victim executes an incident response.

Ragnar Locker claims that ransomware trading companies are only there to make money and do not act in the interests of the victim.

Ever since they issued this warning, Ragnar Locker has already claimed that it will publish all the stolen data of a victim if they hire a ransomware dealer.

See also: Ransomware: Worried? Three key steps to protect yourself

The Grief gang goes one step further

On Monday, the Grief gang took those threats a step further, saying it would delete a victim decryption key if it hired a ransomware negotiator.

"We want to play a game. If a professional negotiator from the recovery company is involved - we will simply destroy the data.

The recovery company as mentioned above will be paid in any way. The recovery company's strategy is not to pay the amount owed or resolve the case. Therefore, we have nothing to lose in this case. Saving time for all parties involved is very important.

What do recovery companies gain when no ransom is set and the data is simply destroyed with zero chance of recovery? Millions of dollars. ” - Grief ransomware gang.

They say that if a Grief victim hires a negotiator, the ransomware gang will delete the decryption key of the victim, making it impossible to recover files.

While the Grief group is making this threat to put further pressure on the victims, it is possible that for another reason, it is avoiding US sanctions.

Grief ransomware is believed to be linked to a Russian hacking group known as Evil Corp, to which the US government has imposed sanctions.

See also: An ransomware attack forced Howard University to cancel courses

By "blocking" ransomware trading companies, they hope that victims will not be notified of the risks of sanctions.

Source of information:

Teo Ehc
Be the limited edition.