This site may earn affiliate commissions from the links on this page. Terms of use.

Ransomware is some of the most devious and frustrating malware floating effectually the internet. These programs lock up your files with encryption and threaten to delete them unless you lot pay a cryptocurrency ransom. Victims are powerless to thwart the assault, so many just pay up. Now, information technology's the scammers who are the victims of a clever ruse past fifty-fifty more devious online criminals. Ransomware payments are existence diverted via a human being-in-the-center attack, which is some sort of perverse justice. However, it won't do the original ransomware victims whatever proficient.

The new assault on scammers was spotted by security firm Proofpoint, which noticed a alert posted to a ransomware payment portal chosen LockerR. This service runs on the Tor network, a spiderweb of encrypted nodes across the earth that tin can route traffic anonymously and host hidden services. This is where many scammers operate due to the relative safety compared with the open internet. The problem is that nigh Ransomware victims don't know how to access Tor. Therefore, scammers directly them to Tor proxies that can load a Tor service in a standard browser. That'due south where the scammers are being scammed.

According to the detect posted on LockerR, the onion.top Tor proxy has started redirecting Bitcoin payments from the ransomware makers to a unlike accost. Information technology just replaces the original Bitcoin wallet address with the one owned past the proxy operators. The payment portal encourages victims to use the Tor browser to connect to LockerR directly in order to ensure the Bitcoins brand it to the right accost. So far, about $22,000 worth of ransomed Bitcoins accept been "stolen" from the people who were trying to scam innocent reckoner users.

The LockerR payment portal was kickoff spotted in October 2022, and has since go an increasingly popular fashion for ransomware makers to collect their payments. The supposed deal is that once a user pays the ransom, they will become the encryption key to unlock their files. However, the payment won't go there if it'southward redirected by the Tor proxy and ends up in the wallet of the incorrect criminal. Thus, the victim will be out the money and still won't get their files back. Of course, not all ransomware makers are sufficiently honorable to hold up their end of the deal in the first place.

The best course of activity is to never pay these ransoms and only brand sure yous've got backups of your important files. Let the scammers merely scam each other.

Now read: twenty All-time Privacy Tips