A lesser-known threat group called Ox Thief has taken ransomware extortion tactics to new extremes—threatening to involve Edward Snowden if a victim refused to pay up.
According to new analysis by Fortra’s cybersecurity team, the group followed typical ransomware playbooks at first. Ox Thief claimed on its Tor-based leak site that it had stolen 47GB of sensitive data from a targeted organization. To back up its demands, the gang released samples of the stolen files—a common move to prove the breach was real and pressure the victim into paying.
From there, however, things took an unusual turn.
After the initial ransom demand, Ox Thief shifted gears and began piling on legal and financial threats. The group warned the victim that failure to pay could trigger jail time, hefty fines, class-action lawsuits, reputational damage, and costly incident response efforts.
Then, in a surprising twist, Ox Thief claimed it would notify high-profile cybersecurity figures and organizations, including:
- Journalist Brian Krebs
- Troy Hunt of HaveIBeenPwned
- The Electronic Frontier Foundation (EFF)
- The European privacy group NOYB
- And finally, Edward Snowden — the famed NSA whistleblower now living in Russia
Experts believe this bizarre escalation reveals more about Ox Thief’s desperation than strategy. “By explicitly outlining potential fines, class action lawsuits, and government penalties,” said Nick Oram, Fortra’s senior manager of Dark Web monitoring, “the group is attempting to reframe the victim’s cost-benefit analysis—making the price of resisting seem far greater than paying.”
Threatening to involve a figure like Snowden, who is unlikely to cooperate with cybercriminals, hints at Ox Thief’s possible inexperience—or a dire need for funds. It also exposes a shift in how ransomware groups leverage media pressure, legal fears, and public exposure to break victims’ resistance.
While this play may seem extreme, it signals a growing trend where ransomware gangs weaponize reputational damage alongside data leaks to corner their targets.
As ransomware attacks grow more sophisticated, security experts warn that groups like Ox Thief will likely continue blending cyber threats with legal and PR risks. Fortra’s report highlights how financial pressure, legal threats, and public shaming are becoming critical weapons in cyber extortion campaigns.
For businesses, this case serves as a stark reminder: ransomware attackers are evolving fast—crafting tactics designed not just to lock data, but to manipulate emotions, reputations, and decision-making under pressure.
