No honour among thieves: hackers who hack each other


In ransomware, as in any profitable business, there is a constant struggle to compete in the marketplace. Ransomware, the strain of malware which crypto-locks a victim’s hard drive until the developer of the malware is paid, is a highly lucrative (and illegal) income earner for its authors. The strategy is so successful that some ransomware developers have even begun sabotaging each other’s ransomware in a bid to secure their share of victims.

An exploitative crime, ransomware is a type of malware that encrypts your personal data or locks your entire PC. You are asked to pay a “ransom” via an anonymous service in order to unlock your computer and free your data. Ransomware makes up a huge part of today’s active threats, as it has turned out to be one of the easiest income earners for attackers. Most other malware makes its developers money indirectly (by using or selling your computer power), but ransomware directly asks you (the victim) for cash to return your data or access to your PC. This is usually achieved through a lockout screen with a countdown timer and a link to a payment page where you are required to pay your ransom and receive a decryption key to unlock your files or computer.

To gain a competitive edge, hackers recently gained access to 3500 decryption keys for a competing organisation’s ransomware with a plan to release them to the public, thus rendering entire strains of their competition’s ransomware completely ineffective.

Fake ransomware has also become an issue which undermines the profitability of actual ransomware types, or families. Actual ransomware developers are hacking developers of fake ransomware to ensure the continued profitability of this kind of crime.


F-Secure recently reported that corporate sabotage has also been revealed as a key income generator in this field. A ransomware group claims they were paid handsomely by a Fortune 500 company to hack and infect a competing business. By locking the files of the competitor, the offending company was able to halt the competing company’s production and release a similar product first. This ransomware developer was paid twice, first by the offending company and second by the infected company via the ransomware lockout instructions.

If the profitability of ransomware is being threatened at all, it is being defended by those who know it best. This kind of malware shows no signs of disappearing any time soon.

How can you protect yourself from ransomware?

Though the basic features of ransomware are the same, there are many different ransomware families. We tested our product against 20 crypto-ransomware families to see how Emsisoft Anti-Malware held up. See the results here.

So, it’s not all bad. There are preventative steps you can take to keep your data free from ransomware.

  1. Make sure all your software is up to date – especially your operating system, your web browser and all browser plugins like Adobe Flash Player or Oracle’s Java Platform.
  2. Be cautious. Ask questions before you click. Read about how threats (and scams) work to avoid becoming a victim.
  3. Back up all of your personal files and documents. If somehow your computer is infected with ransomware, you can reinstall your system and restore your files.
  4. Make sure you run strong anti-malware software with real-time protection and web protection, such as Emsisoft Anti-Malware.
  5. Run an occasional scan with a second opinion scanner, such as Emsisoft Emergency Kit, Malwarebytes Anti-Malware or Hitman Pro to check whether your PC is ransomware-free.

Have a great (malware-free) day!

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.
