A new ransomwareknown as MadCatwas identified in the last few hours by the security expert Dominic Alvieri.
The same researcher published on X what should be the name of the emerging group, complete with an alleged start date of its activities, namely November 30th.
What makes this ransomware quite unique is its “business model”. According to the data collected by Alvieri, in fact, the cybercriminals responsible for the operation operate on the Dark Web, posing as sellers of counterfeit passports. However, there is some confusion regarding this singular case.
Apparently, there is an individual who actually processes the data of fake passports, obtained through a gigantic data theft operation. In this regard, we are talking about predominantly Polish documents, for a total of 246,000 pages scanned.
MadCat: Ransomware Attack or Cybercriminal Actually Selling Fake Passports?
Second Karol Pacoriek, ransomware and data sales activity would go hand in hand. Late last month, a cybercriminal allegedly tried to sell the “whole package” of passports for $3,400. Apparently, however, the sale was not successful and the cyber criminal is looking for alternative ways to collect money from this loot.
Through research carried out by Cybernewsseveral aliases and nicknames from different platforms were compared, comparing the person who attempted to sell the package linked to a Telegram username @MadCatRwhich suggests that everything can be traced back to a single cybercriminal.
Certainly, the research carried out by researchers and industry sites seems to have unmasked the intentions of cybercriminals, “burning down” their operation. Pacoriek himself, in fact, wrote a tweet in response to Alvieri’s original report, commenting “I predict a fall as fast as RansomedVC“.
Certainly, once this information comes to light, cybercriminals will be very careful before dealing with counterfeit documents.