Ransom Extortion without Ransomware



Ransomware is not required for data extortion. This has been demonstrated once more by a new group known as Luna Moth or the Silent Ransom Group. It has been operating since March and focuses mostly on extortion attacks built on data breaches.


Examining the specifics

The group has been breaking into companies to steal private data, telling victims that the material will be made public unless a ransom is paid.

Phishing is the group's main method.

Over the course of the last three months, Luna Moth has deceived victims with phoney membership emails that pose as the services of Duolingo, Zoho, or MasterClass.


Mode of operation

Although Luna Moth's emails mimic these brands, the messages are clearly fraudulent because they come from Gmail accounts.

The email has a PDF attachment, and the recipient is advised to call a phone number if there are any problems with the subscription.
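As an added illustration (not code from the original article), the following Python example checks a raw message for the traits described above: a brand name in the sender display name or subject while the mail comes from a Gmail account, a PDF attachment, and a phone number in the body. The `FREEMAIL` set, the phone pattern, the function name, and the sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRANDS = ("duolingo", "zoho", "masterclass")  # brands named in the article
FREEMAIL = {"gmail.com", "googlemail.com"}    # assumption: free-mail sender domains
PHONE_RE = re.compile(r"(?<!\d)\+?\d[\d\s().-]{8,}\d(?!\d)")  # loose phone pattern
# Constructed sample message for the example, not a real lure.
SAMPLE = """\
From: "Zoho Billing" <billing.desk.example@gmail.com>
Subject: Your subscription renewal
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

If there is a problem with the subscription, call +1 (555) 010-0199.
--b1
Content-Type: application/pdf; name="invoice.pdf"

%PDF-1.4 (constructed placeholder, not a real document)
--b1--
"""

def lure_indicators(raw_message):
    """Return which of the article's lure traits a raw RFC 5322 message shows."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    headers = f"{display} {msg.get('Subject', '')}".lower()
    hits = []
    brand = next((b for b in BRANDS if b in headers), None)
    if brand and domain in FREEMAIL:
        hits.append(f"brand '{brand}' sent from {domain}")
    body, has_pdf = "", False
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            has_pdf = True
        elif part.get_content_type() == "text/plain":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    if has_pdf:
        hits.append("pdf attachment")
    if PHONE_RE.search(body):
        hits.append("phone number in body")
    return hits

if __name__ == "__main__":
    print(lure_indicators(SAMPLE))
```

A message that matches all three traits is a strong candidate for quarantine or analyst review; a single trait on its own is common in legitimate mail.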

The group relies on fairly simple tools, including AnyDesk, Atera, Syncro, and Splashtop.

These give the attacker persistence, because a RAT that is removed from the system can be installed again.

Other commercially available tools the group employs include Rclone, SoftPerfect Network Scanner, and SharpShares. On compromised systems, these tools are hidden behind false identities.

Luna Moth doesn’t have a list of predetermined targets; instead, it relies on opportunistic attacks to steal whatever information is accessible and use it as leverage in extortion.

Another extortion gang that doesn’t use ransomware

Another threat actor, RansomHouse, uses data extortion without the use of ransomware.

It first appeared in March, and its Onion website listed four victims.

The attackers claim that, rather than using any ransomware or creating an encryption module, they exploit weaknesses to break into a network.

The group’s most recent victim was AMD, from whom they claimed to have stolen 450GB of data.

The conclusion

Although cybercriminals have adopted new extortion strategies and complex organisational structures, they continue to exploit the same cybersecurity flaws. Threat actors are becoming more and more interested in the extortion-without-ransomware approach. Selling private information without using encryption technology is becoming a successful business.