Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims

Less than 48 hours before the deadline for Iowa-based grain cooperative New Cooperative to pay the BlackMatter ransomware group’s demands, negotiations seemed to take an interesting turn.

BlackMatter, which has threatened to leak sensitive data allegedly stolen from New Cooperative, ramped up those threats this week after claiming the company “violated our data recovery guidelines” during negotiations by allegedly working with recovery firm Coveware.

The victim shot back with a surprising barb.

“The only thing we violated was your mother,” the victim said, according to chat logs shared by Dmitry Smilyanets, an analyst at threat intelligence company Recorded Future.

#ransomware negotiations on fire

— π•―π–’π–Žπ–™π–—π–ž π•Ύπ–’π–Žπ–‘π–žπ–†π–“π–Šπ–™π–˜ (@ddd1ms) September 22, 2021

Except, there was a problem: The “victim” wasn’t actually New Cooperative. It was a random troll.

“We don’t know who the user ‘victim’ is but it is not us. Please close this TOR page so no more random people from the internet make posts here,” a user that appears to be a negotiator for New Cooperative wrote after escalating threats from BlackMatter to leak the data.

apparently, the #ransomware negotiations chat was hijacked

— π•―π–’π–Žπ–™π–—π–ž π•Ύπ–’π–Žπ–‘π–žπ–†π–“π–Šπ–™π–˜ (@ddd1ms) September 23, 2021


At this

Read More: