how ransomware groups communicate with their victims

[73]

Hi,

After multiple reports and researches I have the impression that ALL ransomware groups use email as a technology to talk to their victims. Whereas there are several other solutions XMPP -> TELEGRAM -> ...

Why stay on the mail?

So let me open the debate !

Thanks

[1.487]

Hi,

After multiple reports and researches I have the impression that ALL ransomware groups use email as a technology to talk to their victims. Whereas there are several other solutions XMPP -> TELEGRAM -> ...

Why stay on the mail?

So let me open the debate !

Thanks

Easier because everyone might have an email, not everyone has telegram // xmpp with OMEMO.


Also because they targeted a lot of enterprises

I do not sell anything. I do not have a public Discord / Telegram. I will never ask anyone for money / refuse any deal via middleman. I will never deny to confirm my identity via PM before any deal. Stay safe, I have impersonators.

(-.-)Zzz...

https://youtu.be/EDVrTYW2l84

 

[382]

A good ransomware group use a chat on darknet (onion) 

@NOLEHR

              

[73]

Hi,

After multiple reports and researches I have the impression that ALL ransomware groups use email as a technology to talk to their victims. Whereas there are several other solutions XMPP -> TELEGRAM -> ...

Why stay on the mail?

So let me open the debate !

Thanks

Easier because everyone might have an email, not everyone has telegram // xmpp with OMEMO.


Also because they targeted a lot of enterprises

Indeed, if the entry point for deploying the ransomware was by e-mail, we might as well continue communicating via this channel, but in that case, which providers are used? And if the e-mail is deleted by the provider, we lose all contact with the victims.

A good ransomware group use a chat on darknet (onion) 

It's true that this is the best method for securing connections, but no one has installed tor or knows how to use it... but it's still a good option.

[1.487]

Hi,

After multiple reports and researches I have the impression that ALL ransomware groups use email as a technology to talk to their victims. Whereas there are several other solutions XMPP -> TELEGRAM -> ...

Why stay on the mail?

So let me open the debate !

Thanks

Easier because everyone might have an email, not everyone has telegram // xmpp with OMEMO.


Also because they targeted a lot of enterprises

Indeed, if the entry point for deploying the ransomware was by e-mail, we might as well continue communicating via this channel, but in that case, which providers are used? And if the e-mail is deleted by the provider, we lose all contact with the victims.

A good ransomware group use a chat on darknet (onion) 

It's true that this is the best method for securing connections, but no one has installed tor or knows how to use it... but it's still a good option.

some self hosted could work.

some end to end encrypted, offshore providers could be used too. All depends of their TOS and if they check a lot complaints and delete them

^ by the way, i'm only saying this from a **possible** pov, i've never actually worked wwith ransomwares ever, so I can't really tell.

but for me it's the easiest way to communicate // can also be as you said the easiest entry point.

I do not sell anything. I do not have a public Discord / Telegram. I will never ask anyone for money / refuse any deal via middleman. I will never deny to confirm my identity via PM before any deal. Stay safe, I have impersonators.

(-.-)Zzz...

https://youtu.be/EDVrTYW2l84

 

[75]

mail/facebook some ransomwares got rat builded in so yeah

[73]

Finally, to avoid any risk of loss, it's best to have a small site under tor?

edit : Or else a hidden service for settlement and decryption key delivery and contact via telegram or XMPP to manage instantaneous discussions, no?