One of the year’s most closely-watched ransomware gangs has announced its operations were nothing but a hoax – with the group allegedly earning tens of thousands by simply lying about stolen data.
Mogilevich started making noise on 20 February after it announced itself as a ransomware group and claimed to have acquired 22 gigabytes of stolen data from Infiniti USA – a division of Japanese carmaker Nissan.
By 27 February, Mogilevich announced two more high-profile victims – Ireland’s Department of Foreign Affairs (DFA) and video game publisher Epic Games – garnering mass publicity as the group started to offer up its purportedly stolen data for sale on the dark web.
Now, the so-called hacker group has back-pedalled on its lofty claims of data theft and admitted its operations were entirely a scam.
The group revealed its scam under a deceptive data leak listing for Epic Games.
Those who clicked the listing didn’t find swathes of passwords and source code as expected, but were instead greeted by a surprise announcement from the gang.
“Unfortunately this link led you to an important announcement of our business instead of evidence of a breached database,” read the note from Mogilevich.
“In reality, we are not a Ransomware-as-a-service, but professional fraudsters.”
Mogilevich marketed itself as a ransomware-as-a-service – a common criminal ‘business’ model which allows buyers to bargain for access to ransomware or stolen data – but now claims it never had any data up for sale at all.
Instead, Mogilevich says it only pretended to have hacked popular companies such as Epic Games so it could lure would-be hackers into fraudulent purchases.
“None of the databases listed in our blog were as true, as you might have discovered recently,” the note read.
“We took advantage of big names to gain visibility as quickly as possible, but not to [gain] fame and receive approval, but to build meticulously our new trafficking of victims to scam.”
Scammers scam the scammers
The so-called ransom gang boasted that it sold access to its hoax ransomware infrastructure to eight dark web buyers.
Furthermore, Mogilevich says it doubled the price of access at the last minute – coaxing its already-scammed clients to up their bid or back out of the purchase.
“From here, about sixteen thousand dollars are taken from the victims,” reads Mogilevich’s note.
The group went on to claim one of its buyers coughed up some $85,000 – presumably US currency – after Mogilevich fooled them into thinking it had access to one terabyte of stolen data from drone-maker DJI.
“We were immediately contacted by interested people, one of them was put at ease, as if he were the boss at the time,” a Mogilevich spokesperson said.
“We made him believe that we had other buyers who were pressing us and that they wanted the projects as soon as possible.”
The group said it convinced its victims by using social engineering tactics to get photo evidence of actually-compromised data from other criminal outfits on the dark web – all so it could pass the “evidence” off as its own.
Furthermore, Mogilevich claims it also requested screenshots of crypto wallets from potential buyers, which it then used to convince other buyers it was actively trading crypto through its purported ransomware outfit.
Meanwhile, both the DFA and Epic Games had already refuted Mogilevich’s ransomware claims, meaning those scammed simply took the group’s word at face value.
The group further boasted they are not hackers, but “criminal geniuses”, before criticising the media for having offhandedly promoted Mogilevich’s activities.
“I’ve taught a lot of people, especially Epic Games, a lesson that by creating ads and tweets has done nothing than advertise us by enlarging our fraudulent network,” said Mogilevich’s spokesperson.
While Mogilevich’s announcement effectively warns against parroting the claims of ransom gangs, the results of its fraud scheme aren’t exactly devastating to the wider public – only those buying the group’s faux stolen data fell victim to the scam.