Ransomware: Now crooks are stealing bitcoin ransom payments intended for rivals

ZDNet 

Ransomware distributors expecting an easy payday are having their illicit earnings stolen before they even receive them, by other cyber criminals who are hijacking the ransom payments and redirecting them into their own bitcoin wallets.

But not only are the attacks giving criminals a taste of their own medicine by making them victims of cyber theft, they are also preventing ransomware victims from unlocking their encrypted files -- because as far as those distributing the malware are concerned, they never received their money.

Uncovered by researchers at Proofpoint, it's believed to be the first scheme of its kind, with cyber criminals using a Tor proxy browser to carry out man-in-the-middle attacks to steal the .

The attacks take advantage of the way ransomware distributors ask victims to use Tor to buy cryptocurrency to make payments. While many ransomware notes provide instructions on how to download and run the Tor browser, others provide links to a Tor proxy - regular websites that translate Tor traffic into normal web traffic - so the process of paying is as simple as possible for the victim.