Criminals confess: Cyber attack on Epic Games and leak were fraud

The Mogilevich Group admits on their darknet leak page that they do not operate “ransomware-as-a-service” but are fraudsters. There had previously been doubts that Epic Games had fallen victim to a cyber attack by the group.


In addition to Epic Games, Mogilevich also lists the names of companies such as Shein, Kick, Bazaarvoice, InfinitiUSA and DJI as alleged victims. Authorities such as the Bangladesh Police and the Irish Foreign Office were also named. Some of these “victim” listings are marked as allegedly sold.

Now Mogilevich explains that it was all a fraud. “In reality, we are not ‘ransomware as a service’, but rather professional scammers.” This explanation cannot be found directly in the blog on the leak page, but only behind the link that is supposed to lead to a sample from the alleged Epic Games database leak.

In the text, the group boasts that it has taught many people “a lesson” and explains its own business model, including the methods used for social engineering.

Mogilevich wanted to quickly become known as a new ransomware group in order to attract its actual victims. So they chose some well-known names as their alleged ransomware victims.

Interested parties who wanted to use Mogilevich’s ransomware services received nothing in return and instead became victims. In eight cases, the criminals sold panel access that was intended to give the buyers access to the criminals’ infrastructure. However, this infrastructure did not even exist. Using social engineering, some interested parties were not only tricked into investing several thousand dollars in the fake ransomware services, but also into sending screenshots of their crypto wallets. The data was intended to be used to commit further fraud by selling supposedly stolen crypto accounts.

Mogilevich presented itself as a budding major player in the ransomware-as-a-service business. This is how the group also came into contact with initial access brokers. As prospective buyers, they demanded evidence from the initial access brokers about the quality of their goods. The fraudsters then used the images and videos obtained in this way to do their own business by selling (fake) access.

Mogilevich allegedly received $85,000 in one fell swoop from one of its victims, who wanted to buy data from the alleged hack on a drone company. This is their biggest coup.

By explaining their fraudulent business model, they want to show that many, “particularly Epic Games”, have advertised for them with their public actions and tweets. This would allow their fraudulent network to grow.

