Skip to content ↓ | Skip to navigation ↓

A hacking group claimed that it developed a new ransomware strain called “MilkmanVictory” for the purpose of attacking scammers.

Collectively known as “CyberWare,” the group announced their creation on Twitter in mid-May.

In an email conversation with Bleeping Computer, CyberWare revealed that they were using phishing emails as delivery vectors for their Hidden Tear-based creation. Those messages arrived with what appeared to be PDF documents. In reality, those attachments turned out to be executable files harboring the ransomware.

CyberWare went on to clarify that they weren’t leveraging MilkmanVictory to conduct traditional ransomware attacks against scammers. As quoted by Bleeping Computer.

The victims are saying they give “loan”, but you first have to pay and then you get nothing…. I do not ask for money because scammers do not deserve money for scamming innocent people.

All the victims received was a “ransom” note informing them that MilkmanVictory had destroyed their computers because its handlers knew that they were scammers.

A screenshot of MilkmanVictory’s “ransom” note. (Source: Bleeping Computer)

The hacking collective clarified to this author that they were using MilkmanVictory to target individuals responsible for conducting loan scams and tech support ruses. The group specifically mentioned an “Antivirus update is prepared” alert that hijacked victims’ browsers and demanded that they call a number to pay for a phony service.

In addition to conducting what amounted to wiper malware attacks on these fraudsters’ tech support scam devices and other assets, malicious actors also used denial-of-service (DoS) attacks to disrupt their targets’ websites and targeted these nefarious individuals with the MEMZ trojan.

This is not the first time that malicious actors have set their sights on digital attackers. In March 2020, for instance, Cybereason revealed that it had observed a campaign in which threat actors had trojanized various hacking tools with njRat. They then used that malware to compromise the machine of an individual who purchased those hacking tools for the purpose of conducting their own attack campaigns.

The emergence of MilkmanVictory highlights the need for organizations to defend themselves against new ransomware strains. One of the ways they can do that is by taking steps to prevent a ransomware infection in the first place. This resource is a good place to start.