IBM researchers say a new twist on ransomware is on the rise: cybercriminals find vulnerabilities in an enterprise network, steal data, and then hold the data for ransom in exchange for details on how they broke in.
The hackers are positioning the extortion as a "favor" to companies, and in some cases have extracted as much as $30,000 in exchange for information on how they accomplished the feat.
In the last year, there have been at least 30 bug poaching incidents, IBM researchers said.
In traditional ransomware attacks, hackers encrypt data and demand payment for a decryption key. But IBM said "bug poaching" incidents commonly involve breaking into a network, stealing sensitive data, posting it to a third-party cloud storage service, then asking for money in exchange for information on how the data was stolen.
The hackers even go so far as to position the act as a favor to the company.
"These attackers are trying to play a moral high ground when it comes to exposing bugs," said John Kuhn, senior threat researcher for IBM Managed Security Services, in an interview with Threat Post. "But make no mistake, this is straight-up extortion."
Security researcher Chris Vickery said that so-called "white hat hacking" differs from black hat hacking in terms of intent.
"The white hat hacker is going to alert the company and let them know that that exploit exists and they're not going to take advantage of it and harm anybody," Vickery said in an interview with CIO Dive. "Whereas the black hat hacker would use it for selfish purposes and would end up probably harming the end users. So I think there is a difference, although they are both pushing the lines of legality."