Twitter Fails to Act Against Ransomware Gang

An AI image of a man in a hoodie looking at a laptop which has a blue bird sitting on top of it.
Image created using Midjourney. Prompt: A malicious hacker is looking at a laptop screen with a bluebird on his shoulder, digital art style

Twitter is failing to stop an account run by a ransomware gang from using its platform to distribute stolen information. Safe Not Scammed is not naming the gang or providing its account handle to avoid giving the criminals additional publicity.

The ransomware account has posted links to stolen files it claims are from Socrates Academy and Movement Schools, as well as leaking screenshots purportedly of negotiations with Citrus College about payment of a ransom.

According to an investigation by Queen City News, some of the data stolen and leaked by the ransomware gang includes “copies of checks, a list of parent email addresses, a list of students who were either held back or graduated to the next grade, PayPal payments, tax information, and more.”

You submitted a report for exposing private info

Partially redacted tweet: 
Ransomware cult
leaks some files from
redacted link
okay emoji x 3
redacted link
redacted link
Safe Not Scammed reported the ransomware account on May 4th.

Safe Not Scammed reported the ransomware account to Twitter on May 4th in an attempt to stop the distribution of stolen information. However, Twitter responded two days later saying the account “hasn’t broken our safety policies.” 

After reviewing the available information, we want to let you know redacted hasn’t broken our safety policies. We know this isn’t the answer you’re looking for. If this account breaks our policies in the future, we’ll notify you.
On May 6th, Twitter emailed us to say the ransomware account did not violate their policies.

Despite Twitter’s claim, the ransomware account clearly violates Twitter’s hacked materials policy. This policy prohibits tweets that contain or link to information obtained via hacking, noting, “we do not allow the people or groups directly associated with a hack to use Twitter to distribute hacked materials.”

Safe Not Scammed tweeted at Twitter Support and Twitter CEO Elon Musk, as well as Twitter VP of Trust and Safety Ella Irwin, to alert them to the situation. However, we received no response. 

As of the time of writing, the ransomware account and the links to stolen information are still accessible on Twitter.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *