{"id":60784,"date":"2026-06-02T21:58:34","date_gmt":"2026-06-02T21:58:34","guid":{"rendered":"https:\/\/www.theregister.com\/a\/5250380"},"modified":"2026-06-02T21:58:34","modified_gmt":"2026-06-02T21:58:34","slug":"dumbass-criminal-breaks-the-first-rule-of-ransomware-club","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/","title":{"rendered":"&#8216;Dumbass&#8217; criminal breaks the &#8216;first rule of ransomware club&#8217;"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/image.theregister.com\/5250399.jpg?imageId=5250399&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683\" class=\"ff-og-image-inserted\"><\/div>\n<div data-element-guid=\"d11159dd-82a3-4c53-901c-d41dec75505c\" readability=\"30.811224489796\">\n<p class=\"kicker \">cyber-crime<\/p>\n<p class=\"subtitle \">You don&#8217;t infect anyone in Russia or other CIS countries<\/p>\n<\/p><\/div>\n<div data-element-guid=\"4c9dc5d9-c886-4348-bf4a-01d0dc71377d\" readability=\"110.51502463054\">\n<p>Even ransomware cartels make mistakes, and in this case, it was a biggie that could have landed the responsible crim in a Russian gulag: accidentally infecting a company located in a Commonwealth of Independent States country.<\/p>\n<p>In what threat-hunter Dominic Alvieri deemed the <a href=\"https:\/\/x.com\/AlvieriD\/status\/2061712159654961280\" rel=\"nofollow\">ransom \u201cdumbass of the day,\u201d<\/a> Nova, the affiliate program for ransomware crew RAlord, on Tuesday issued an apology to Eriell Group, a major oilfield services company with headquarters in Uzbekistan and a corporate office in Moscow. 
<\/p>\n<p>Apparently, Eriell contacted Nova and notified the ransomware operators about an affiliate&#8217;s mess-up.<\/p>\n<p>The affiliate has since been <a href=\"https:\/\/x.com\/ido_cohen2\/status\/2061753296574947776\" rel=\"nofollow\">banned from the criminal operation<\/a>, we\u2019re told. In addition to issuing a \u201cformal apology,\u201d the ransomware gang promised to assist Eriell with the recovery process \u201cfree of charge.\u201d The malware slingers claimed they didn\u2019t encrypt any files, and pledged not to leak any of the stolen data.<\/p>\n<p>\u201cApparently, the first rule of ransomware club, you don&#8217;t attack organizations in the Commonwealth of Independent States (CIS), is still very much in effect in 2026,\u201d Recorded Future threat intelligence analyst Allan Liska told <span class=\"italic m-italic \" data-lab-italic=\"italic\">The Register<\/span>.<\/p>\n<p>While cybercrime is technically illegal in Russia and other CIS countries, their governments often provide safe harbor for extortionists and other financially motivated crims &#8211; especially if they also happen to work day jobs as state-sponsored hackers &#8211; and local police look the other way unless the gangs infect any in-country organizations.<\/p>\n<p>Some crews, like the <a href=\"https:\/\/www.theregister.com\/security\/2025\/05\/15\/what-we-know-about-dragonforce-ransomware\/1277385\">DragonForce cartel<\/a>, <a
href=\"https:\/\/www.theregister.com\/security\/2025\/03\/25\/vanhelsing-ransomware-emerges-to-put-a-stake-through-windows\/790670\">VanHelsing ransomware-as-a-service group<\/a>, and <a href=\"https:\/\/www.theregister.com\/special-features\/2025\/10\/08\/3-infamous-ransomware-crews-collab-to-maximize-income\/910750\">notorious LockBit operators<\/a>, expressly prohibit their gang members and affiliates from hitting Russian and other CIS targets.<\/p>\n<p>We\u2019re guessing that the Nova affiliate will be high up on all of these gangs\u2019 do-not-hire lists for quite a while.<\/p>\n<p>Still, they aren\u2019t the first cybercriminal, Russian-speaking or otherwise, to <a href=\"https:\/\/www.theregister.com\/security\/2025\/07\/01\/opsec-oversights-how-cybercrooks-get-themselves-caught\/101659\">make seriously dumb mistakes<\/a>.<\/p>\n<div data-element-guid=\"f7037ece-fe2c-47a0-8da0-1f50ff3661e5\" class=\"quotebox column small-12 large-12 small-abs-12 large-abs-12\">\n<div class=\"content\">\n<h3 class=\"quote\"> The first rule of ransomware club: You don&#8217;t attack organizations in the Commonwealth of Independent States <\/h3>\n<\/p><\/div>\n<\/div>\n<p>Earlier this year, notorious data-leak-and-extortion crew Scattered Lapsus$ Hunters claimed they had gained &#8220;full access&#8221; to Resecurity&#8217;s systems and stolen &#8220;everything.&#8221; Resecurity later offered its &#8220;congratulations&#8221; to the cybercrime crew, which had <a href=\"https:\/\/www.theregister.com\/security\/2026\/01\/05\/resecurity-traps-cybercrim-in-honeypot\/1947976\">fallen into the threat intel team&#8217;s honeypot<\/a> \u2013 resulting in a subpoena being issued for one of the data thieves.&nbsp;<\/p>\n<p>Pro-Russian hacktivist crew <a href=\"https:\/\/www.theregister.com\/security\/2025\/12\/11\/russian-hackers-debut-simple-ransomware-service\/1854868\">CyberVolk got sloppy<\/a> when they debuted a ransomware service late last year. 
They hardcoded the master keys &#8211; this same key encrypted all files on a victim&#8217;s system &#8211; into the executable files, thus allowing victims to recover encrypted data without paying any extortion fees.<\/p>\n<p>While that mess-up worked in the victim orgs\u2019 favor, another <a href=\"https:\/\/www.theregister.com\/security\/2026\/04\/08\/criminal-wannabes-even-more-dangerous-than-the-pros\/5221722\">coding error committed by Sicarii<\/a> malware developers makes it nearly impossible for companies to recover their files: the Sicarii encryptor generates a new cryptographic key pair during every execution &#8211; but then discards the private key, meaning there&#8217;s no recoverable master key.<\/p>\n<p>Similarly, a <a href=\"https:\/\/www.theregister.com\/security\/2026\/02\/04\/nitrogen-cant-unlock-its-own-ransomware-after-coding-error\/4852991\">programming mistake in Nitrogen<\/a> ransomware prevents the gang&#8217;s decryptor from recovering victims&#8217; files, again making paying up futile.<\/p>\n<p>Trellix VP of threat intel strategy John Fokker recently told us that he got so sick of seeing the security industry &#8220;glorifying threat actors,\u201d that he and his team decided to troll the baddies, and started publishing the Dark Web Roast.<\/p>\n<p>\u201cThese are just individuals, they just use computers, and they just want to steal your data and make money,\u201d Fokker told <span class=\"italic m-italic \" data-lab-italic=\"italic\">The Register<\/span>. \u201cThey&#8217;re not mythical. They don&#8217;t have superpowers.&#8221; And just like any other individual &#8211; or superhero &#8211; they sometimes slip up, and give the rest of us a moment of snarky joy. 
\u00ae<\/p>\n<\/p><\/div>\n<p><img decoding=\"async\" src=\"https:\/\/image.theregister.com\/?imageId=5250399&#038;width=800\">READ MORE <a href=\"https:\/\/www.theregister.com\/cyber-crime\/2026\/06\/02\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/5250380\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> You don&#8217;t infect anyone in Russia or other CIS countries READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":60785,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[1047],"class_list":["post-60784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register","tag-cyber-crime"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>&#039;Dumbass&#039; criminal breaks the &#039;first rule of ransomware club&#039; 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&#039;Dumbass&#039; criminal breaks the &#039;first rule of ransomware club&#039; 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-02T21:58:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/image.theregister.com\/5250399.jpg?imageId=5250399&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"&#8216;Dumbass&#8217; criminal breaks the &#8216;first rule of ransomware 
club&#8217;\",\"datePublished\":\"2026-06-02T21:58:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/\"},\"wordCount\":618,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club.jpg\",\"keywords\":[\"Cyber Crime\"],\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/\",\"name\":\"'Dumbass' criminal breaks the 'first rule of ransomware club' 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club.jpg\",\"datePublished\":\"2026-06-02T21:58:34+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club.jpg\",\"width\":100,\"height\":66},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber Crime\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/cyber-crime\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"&#8216;Dumbass&#8217; criminal breaks the &#8216;first rule of ransomware club&#8217;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- 
Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"'Dumbass' criminal breaks the 'first rule of ransomware club' 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/","og_locale":"en_US","og_type":"article","og_title":"'Dumbass' criminal breaks the 'first rule of ransomware club' 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-06-02T21:58:34+00:00","og_image":[{"url":"https:\/\/image.theregister.com\/5250399.jpg?imageId=5250399&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"&#8216;Dumbass&#8217; criminal breaks the &#8216;first rule of ransomware club&#8217;","datePublished":"2026-06-02T21:58:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/"},"wordCount":618,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club.jpg","keywords":["Cyber Crime"],"articleSection":["The 
Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/","url":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/","name":"'Dumbass' criminal breaks the 'first rule of ransomware club' 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club.jpg","datePublished":"2026-06-02T21:58:34+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity 
News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club.jpg","width":100,"height":66},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/dumbass-criminal-breaks-the-first-rule-of-ransomware-club\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cyber Crime","item":"https:\/\/www.threatshub.org\/blog\/tag\/cyber-crime\/"},{"@type":"ListItem","position":3,"name":"&#8216;Dumbass&#8217; criminal breaks the &#8216;first rule of ransomware club&#8217;"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 
Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60784"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60784\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60785"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}