glitched Parler logo

Dmytro Vikarchuk/Shutterstock (Licensed) remix by Jason Reed

Ransomware group exploits Parler’s hands-off approach to shake down victims

The ransomware gang previously ran accounts on Twitter and Tumblr.


Mikael Thalen


Posted on Jan 20, 2022   Updated on Jan 20, 2022, 1:06 pm CST

A well-known ransomware gang is now using the social media platform Parler in order to aid its extortion efforts.

The cybercrime group, which joined the conservative-leaning website on Jan. 11, has already posted the name of one medical equipment company that it claims to have hacked.

The discovery was made this week by Brett Callow, a threat analyst with the cybersecurity firm Emsisoft.

Ransomware groups work by infecting and encrypting the contents of a computer network before demanding a ransom to return the data. If a victim refuses to pay, the group will often resort to publishing the victim’s data online.

The Daily Dot was able to locate the Parler profile in question but is declining to name the group to avoid pressuring the company into giving into the ransomware group’s demands. Callow says he came across a link to the profile in a ransom note sent by the gang to one of its victims.

While ransomware gangs most often use the dark web to avoid having their websites and hacked data censored, Emsisoft noted last month that some groups have begun using social media in order “to bring news of their conquests to a wider audience and put more pressure on victims to pay the ransom.”

“It’s easy for ransomware victims to be lethargic when a data leak is confined to an obscure Tor website that the average Joe will never see,” the company noted. “It’s a different story when that same stolen sensitive data is being publicly discussed and shared on mainstream social media platforms.”  

In fact, the ransomware group now operating on Parler had previously ran accounts on Twitter and Tumblr. Both accounts would later be removed.

Callow told the Daily Dot, however, that he believes this is the first time a ransomware group has decided to use Parler.

“Social media platforms are useful tools for cybercriminals as they enable stolen data to be easily shared,” Callow said. “And, of course, the prospect of having their data shared on Twitter, Tumblr, or Parler probably concerns companies more than the prospect of it being shared on an obscure site.”

The Daily Dot reached out to Parler, which touts itself as an anti-censorship platform, to inquire about its policies regarding cybercrime but did not receive a response by press time.

Callow further argued that the issue could become worse in the future if social media companies fail to take action.

“While victims can request that platforms remove hacked data or links to hacked data, the process is not necessarily speedy,” Callow said. “If social media companies want to avoid their platforms being used for extortion, they need to address this problem.”

Ransomware gangs made headlines in 2021 for numerous high-profile attacks, including one against Colonial Pipeline. The attack resulted in a run on gasoline and later fuel shortages along the East Coast.

Read more of the Daily Dot’s tech and politics coverage

Nevada’s GOP secretary of state candidate follows QAnon, neo-Nazi accounts on Gab, Telegram
Court filing in Bored Apes lawsuit revives claims founders built NFT empire on Nazi ideology
EXCLUSIVE: ‘Say hi to the Donald for us’: Florida police briefed armed right-wing group before they went to Jan. 6 protest
Inside the Proud Boys’ ties to ghost gun sales
‘Judas’: Gab users are furious its founder handed over data to the FBI without a subpoena
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article
*First Published: Jan 20, 2022, 8:06 am CST