The ransomware Grief gang threatens to delete the victims' decryption keys if they hire a trading company, making it impossible to recover encrypted files.
Last week, it was reported that the Ragnar Locker ransomware gang threatened to automatically publish the stolen data of a victim if they were communicating with law enforcement or trading companies.
The ransomware gangs do not like professional traders to get involved in the attacks, as it can lead to reduced profits and lost time while the victim executes an incident response.
Ragnar Locker claims that ransomware trading companies are only there to make money and do not act in the interests of the victim.
Ever since they issued this warning, Ragnar Locker has already claimed that it will publish all the stolen data of a victim if they hire a ransomware dealer.
The Grief gang goes one step further
On Monday, the Grief gang took those threats a step further, saying it would delete a victim decryption key if it hired a ransomware negotiator.
"We want to play a game. If a professional negotiator from the recovery company is involved - we will simply destroy the data.
The recovery company as mentioned above will be paid in any way. The recovery company's strategy is not to pay the amount owed or resolve the case. Therefore, we have nothing to lose in this case. Saving time for all parties involved is very important.
What do recovery companies gain when no ransom is set and the data is simply destroyed with zero chance of recovery? Millions of dollars. ” - Grief ransomware gang.
They say that if a Grief victim hires a negotiator, the ransomware gang will delete the decryption key of the victim, making it impossible to recover files.
While the Grief group is making this threat to put further pressure on the victims, it is possible that for another reason, it is avoiding US sanctions.
Grief ransomware is believed to be linked to a Russian hacking group known as Evil Corp, to which the US government has imposed sanctions.
By "blocking" ransomware trading companies, they hope that victims will not be notified of the risks of sanctions.
Source of information: bleepingcomputer.com