Fake ransomware gang targets U.S. orgs with empty data leak threats


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.

Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the message.

The attackers behind this activity use the name Midnight and started targeting companies in the U.S. since at least March 16.

They have also impersonated some ransomware and data extortion gangs in emails and claimed to be the authors of the intrusion, stealing hundreds of gigabytes of important data.

In one email to the employee of a holding company in the industry of petroleum additives, the threat actor claimed to be the Silent Ransom Group (SRG) - a splinter of the Conti syndicate focused on stealing data and extorting the victim, also known as Luna Moth.

The same message, however, used in the subject line the name of another threat actor, the Surtr ransomware group, first seen to encrypt company networks in December 2021.

BleepingComputer found another email from Midnight Group, professing that they were the authors of the data breach and that they stole 600GB of “essential data” from the servers.

The messages were sent to the address of a senior financial planner that had left the target company more than half a year before.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.