ExtremeTech reports on Ransomware scammers getting a taste of their own medicine:

The new attack on scammers was spotted by security firm Proofpoint, which noticed a warning posted to a ransomware payment portal called LockerR. This service runs on the Tor network, a spiderweb of encrypted nodes across the world that can route traffic anonymously and host hidden services. This is where many scammers operate due to the relative safety compared with the open internet. The problem is that most Ransomware victims don’t know how to access Tor. Therefore, scammers direct them to Tor proxies that can load a Tor service in a standard browser. That’s where the scammers are being scammed.

According to the notice posted on LockerR, the onion.top Tor proxy has started redirecting Bitcoin payments from the ransomware makers to a different address. It just replaces the original Bitcoin wallet address with the one owned by the proxy operators. The payment portal encourages victims to use the Tor browser to connect to LockerR directly in order to ensure the Bitcoins make it to the right address. So far, about $22,000 worth of ransomed Bitcoins have been “stolen” from the people who were trying to scam innocent computer users.

You have to admit, it is actually pretty funny seeing scammers get their due from other scammers.