The group began with traditional ransomware methods but took an unexpected turn by intimidating the victim and detailing possible outcomes.
The threat group Ox Thief recently attempted to pressure its victim into paying a ransom by threatening to contact Edward Snowden — the former NSA contractor who exposed global surveillance programs in 2013.
Ox Thief’s recent threat wasn’t its first move. According to Fortra, the group initially claimed on its Tor-based site to have stolen 47GB of sensitive data. To back up its claims, it provided sample files for verification and warned that the stolen data would be leaked if the ransom demand wasn’t met — a textbook ransomware strategy.
Things took a turn when the threat actor started listing the potential fallout if the ransom wasn’t paid. The group warned of possible jail time, financial penalties, class-action lawsuits, reputational damage, and steep incident response costs.
To amplify pressure, the group threatened to involve journalist Brian Krebs, security expert Troy Hunt, the EFF, privacy group NOYB, and Edward Snowden — who now holds Russian citizenship — if the victim refused to pay the ransom.
The move could indicate that the crew is scrambling for funds and feeling increasingly desperate.
According to Nick Oram, Fortra’s Senior Manager for Domain and Dark Web Monitoring Services, Ox Thief’s approach represents a new and noteworthy shift in tactics.
Oram suggests Ox Thief’s actions could be tied to rising costs, with falling ransomware payments driving cybercriminals to adopt fresh strategies to secure a payday.
