TommyLeaks is a malware that gained notoriety in the cybercrime world for its extensive damage and exploitation capabilities. The malicious software was reportedly used by a group known as Karakurt, which has also operated under various other aliases such as SchoolBoys Ransomware Group and Blockbit. The malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it is capable of stealing personal information, disrupting operations, or even holding data hostage for ransom.
In September 2022, a company received communications from TommyLeaks claiming that 4 terabytes of their data had been stolen. The attackers demanded a ransom for the deletion of this stolen data. Around the same time, the FBI attempted to contact an individual who claimed to be a researcher with additional information about the Karakurt group. This person requested approximately $365,000 in Bitcoin from the FBI in exchange for sharing details about how Karakurt also operated the Akira ransomware encryptor and used the names TommyLeaks and SchoolBoys Ransomware Group in the past.
The Karakurt group came under scrutiny when users suggested that they needed to further distance themselves from another notorious group, Conti. In response, they changed their group's name again, to TommyLeaks, Schoolboys Ransomware Gang, and Blockbit. However, these efforts proved futile: recent attacks carried out under the TommyLeaks and Schoolboys Ransomware Gang names were quickly and publicly linked back to Karakurt and Conti, much to the disappointment of the users. This incident underscores the persistent threat of malware and the necessity of robust cybersecurity measures.
Description last updated: 2024-10-17T12:05:37.810Z