Fraudster Pretends to be Good: Victims of Royal and Akira Face Double Deception

Victims of Royal and Akira Extortion Scam Targeted by Fake Cybersecurity Researcher

The victims of the Royal and Akira extortion software were attacked by a fraudster who pretended to be a cybersecurity researcher. The attacker promised to hack the servers of the original attackers and delete the stolen data.

As you know, Royal and Akira use double extortion tactics – the victim systems are encrypted after the theft of confidential information, and then threaten to publish sensitive information if the ransom is not paid.

The company Arctic Wolf conducted an investigation into two incidents, when the organizations that have already paid the ransom affected by the Royal and Akira extortion have received an offer on behalf of an ethical hacker. For his services, the criminal demanded a fee of up to 5 bitcoins (about 190,000 dollars at that time).

These incidents occurred in October and November 2023. In the first case, the criminal acted on behalf of the invented company Ethical Side Group (ESG), mistakenly attributing the attack by the hacker gang Tommyleaks. Then he changed the legend and said that he actually had access to Royal group servers. It is worth noting that the victim had already negotiated with extortionists from Royal in 2022.

In the second operation, the criminal used the Xanonymoux pseudonym and offered either to delete files from Akira servers or to provide access to their archives. However, a few weeks before, hackers said that they did not abduct any data, but only encrypted the victim systems.

An analysis of the initial messages in messengers showed the use of 10 general phrases, as well as the same manipulations and “evidence” of access to data. This served as the main evidence that one person is behind both attempts at fraud.

Such cases demonstrate additional risks that the victims of extortion programs face. This can even aggravate their financial burden and extend the recovery period.

Cybercriminals quickly adapt and look for new ways to make a profit from their illegal activity. Therefore, organizations need to be careful and carefully

/Reports, release notes, official announcements.