
Desperation or creativity – how low are ransomware gangs ready to go to get paid? One gang has threatened to contact Edward Snowden if its victim doesn’t pay a ransom.
The cybercrime scene is starting to feel more like a schoolyard fight. Ransomware gang OX Thief recently announced on its darknet leak site that it had stolen 47GB of "highly sensitive files" and threatened to release the data unless a ransom was paid.
The crooks, not wasting any time, then got seriously creative with their warnings and spelled out a whole range of potential consequences for the victim, including jail time for data breach liability, hefty fines, class-action lawsuits, negative press, reputational damage, and costly incident response.
The gang also threatened to alert cybersecurity journalist Brian Krebs, Have I Been Pwned founder Troy Hunt, the EFF, NOYB, and even the famous whistleblower Edward Snowden if the ransom wasn't paid.
The gang’s claims were discovered by analysts at security firm Fortra and first reported by the Register.
Is it desperation or new tactics?
While it might sound like desperation, cybersecurity experts see it as an evolving, well-thought-through tactic to extort victims. Legal consequences can be severe, with GDPR fines reaching up to 4% of a company’s annual global revenue, which pushes victims into paying the ransom.
Ilia Kolochenko, CEO at ImmuniWeb and a member of the Europol Data Protection Experts Network (EDEN), agrees.
“Ransomware cyber gangs are becoming more and more creative to boost their chances to get paid by victims,” Kolochenko told Cybernews.
“Some large corporations do not care at all about GDPR fines or penalties, having qualified teams of experienced lawyers who will vigorously fight in European courts as long as needed, eventually paying peanuts or even nothing.”
According to him, these same entities quietly pay millions to prevent investigative journalists from accessing their financial data or client lists. Cybercriminals are well aware of this and have started issuing broad, all-encompassing threats to increase their chances of getting paid – and it’s working.
“Although some victims boast about never paying the ransom, many others simply pay it in a stealth mode without ever disclosing the incident,” added Kolochenko.
“Worse, more victims will likely submissively pay without reporting or disclosing the incident – as required by numerous laws and regulations – being well aware that most regulators have little to no resources to properly detect thoroughly concealed incidents.”
He says that in 2025, ransomware extortion tactics are expected to become even more ingenious and perfidious.
Who is the OX Thief ransomware gang?
The OX Thief ransomware gang was first noticed on illicit forums in December 2024. The group's dark web leak site named Broker Educational Sales & Training (BEST), a company providing education programs for insurance and financial professionals, among its first victims.
This hints that it may be a successor to the Medusa ransomware-as-a-service (RaaS) operation. Its infrastructure also shares technical similarities with Medusa’s.
Cybersecurity analysts can’t agree on whether OX Thief is a Medusa offshoot cashing in on previous breaches or just a random group making up stories to take advantage of BEST’s shaky reputation.