Ransomware Gang Apologizes After Mistakenly Attacking CIS Company and Revealing Criminal Errors

 

Even cybercriminal collectives slip up sometimes, a fact highlighted when attackers struck a business inside a CIS country. A misstep by Nova, a group tied to the RAlord network, led to unintended consequences. Following an accidental hit on Eriell Group, an oilfield services leader based in Tashkent with operations extending into Russia, affiliates backtracked publicly, and the group formally expressed regret over targeting such a firm. The apology emerged only after the group's internal protocols appeared to have been breached, and mistaken identity seems to have triggered the reversal. Trust among criminal actors likely took a quiet blow.

Reports indicate that after Eriell reached out to Nova to alert it to the mistake, the link between the operator and the group was cut. The individual involved was banned soon afterward and lost access entirely. Instead of resistance, there came a structured, deliberate apology. Assistance followed, provided freely and framed as support rather than restitution. The group's stance is that encryption never happened and that the data remains unpublished; its intent is unclear, but outwardly it is cooperative.

Still, the unwritten code among major ransomware groups holds: steer clear of Russian and broader CIS networks. 

Even though hacking violates local laws there, officials routinely ignore profit-driven breaches if they spare homegrown entities.

Some hacking collectives, such as DragonForce, VanHelsing, and LockBit, ban strikes on Russian-linked targets. Against that background, the Nova member tied to the Eriell breach probably won't regain the trust of peers quickly. Written rules aside, breaking unwritten loyalties carries consequences few overlook.

It’s happened before – threat actors stumbling through avoidable errors. 

In an earlier case, a ransom-driven team called Scattered Lapsus$ Hunters announced full control over Resecurity, a firm focused on digital defense, boasting that they had extracted every piece of stored information. In reality, their intrusion led straight into a trap set long in advance: a decoy system designed to mislead. That slip gave authorities what they needed, not just to track one participant but to secure legal grounds to pursue evidence further.

Attention also turned to CyberVolk, a pro-Russian hacktivist collective that rolled out ransomware yet embedded the primary decryption keys directly within the code. Because of this oversight, those affected found a way to unlock their data freely, bypassing any payment. Mistakes like these undermined the entire scheme before it gained traction.

Wrong moves in coding sometimes backfire. 

The team behind Sicarii built a system that generated fresh encryption keys on each launch, yet wiped the matching private key right after. Because of this, victims had no way to unlock their data, whether they paid or not. In another case, Nitrogen's tool failed due to a nearly identical error, leaving its decryption method useless. Paying up became meaningless when recovery was impossible by design.

Certain missteps reveal a different side – those behind cyberattacks aren’t flawless. 

Though often seen as highly skilled, people running ransomware schemes act mainly for money, and just like anyone else they slip up, leaving openings that can unexpectedly help those targeted.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
