Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists.
"We were also surprised to see this story gaining traction," Europol told BleepingComputer on Monday. "The announcement didn't come from us."
The statement comes after a new Telegram channel called @europolcti was created on August 16th, claiming to offer a $50,000 reward for information on two Qilin ransomware admins known as "Haise" and "XORacle".
"During the course of ongoing international investigations, we have confirmed that the cybercriminal group Qilin has carried out ransomware attacks worldwide, severely disrupting critical infrastructure and causing significant financial losses," reads the imposter's Telegram post.
"We have identified two primary administrators operating under the aliases Haise and XORacle, who coordinate affiliates and oversee extortion activities."
"We are actively pursuing all available leads in cooperation with international partners."
"A reward of up to $50,000 is offered for information that directly leads to the identification or location of these administrators."
Fake Europol CTI post offering Qilin ransomware bounty
Source: BleepingComputer
Haise is believed to be one of the operators of the Qilian ransomware gang, previously recruiting affiliates on the RAMP cybercrime forum.
... continue reading