A hacker has been taking justice into their own hands by targeting “scam” companies with ransomware and denial of service attacks.
Last week a new ransomware was discovered called MilkmanVictory that a hacking group stated they created to attack scammers.
In a conversation with BleepingComputer, the hacking group known as ‘CyberWare’ stated that they have started targeting companies performing what they call “loan scams.”
“The victims are saying they give “loan”, but you first have to pay and then you get nothing,” the hacking group told BleepingComputer.
As part of their attacks, the threat actors are sending phishing emails containing links to executables masquerading as PDF files. They are also conducting denial of service attacks to bring down the company’s web sites.
The ransomware is being distributed as a destructive wiper attack as it does offer a way to contact the attackers and does not save the encryption key.
“I do not ask for money because scammers do not deserve money for scamming innocent people,” the hackers told us.
Instead, the victims are left with a ransom note stating that the computer was destroyed because “we know you are a scammer!”
The hacking group claims to have targeted the German Lajunen Loan company, whose web site is currently down, with a DDoS attack and emails spreading the ransomware.
The attackers state that this ransomware is based on HiddenTear, which means that even if a key is not saved, it can still be decrypted using brute force attacks.
Anyone who is encrypted by a HiddenTear variant may be able to recover their files for free using Michael Gillespie’s Hidden Tear Decryptor.
BleepingComputer.com has contacted Lajunen Loan but has not heard back at this time.