Fake Bounty on Notorious Ransomware Gang Exposed in Hoax Campaign
In recent days, Telegram channels and news outlets have been actively circulating reports of an alleged Europol bounty of $50,000 for information leading to the capture of two leaders of the notorious ransomware group Qilin. The posts claimed that the gang’s “core administrators,” operating under the aliases Haise and XORacle, were responsible for coordinating affiliates and overseeing the extortion process. Yet it has now become clear that the entire story was nothing more than a carefully orchestrated hoax.
Europol has officially stated that it had no involvement whatsoever in the announcement. According to agency representatives, neither the text of the message nor the Telegram channel on which it appeared had any connection to the organization. In fact, Europol emphasized that it maintains no accounts on this messaging platform, limiting its official presence to Instagram, X, LinkedIn, Bluesky, Facebook, and YouTube.
Agency officials explicitly denounced the so-called “bounty” on Qilin hackers as a fabrication. This strongly suggests that the claim was part of a deliberate campaign intended to discredit or intimidate its targets, or to erode trust within the criminal underworld.
Such tactics are increasingly common in cybercriminal circles: fabricated leaks, false accusations, and counterfeit announcements have become tools of information warfare between rival groups. These methods allow one faction to threaten another, lure away allies, or provoke adversaries into mistakes as they attempt to remain in the shadows.
The Qilin group—also known as Agenda—has been active since 2022. Its members publish stolen data on their own leak site, which since the start of this year alone has exposed information from more than 400 organizations. One of the most notable recent cases involved Inotiv, a U.S.-based pharmaceutical company that disclosed a cyberattack to authorities. Although the company refrained from naming the perpetrators, Qilin claimed responsibility, boasting of stealing 176 gigabytes of internal data.
The fabricated bounty is not the first instance of false statements being weaponized in the battles between hacker collectives. Such manipulations not only disrupt the internal cohesion of rival groups but also shape external perceptions, exposing adversaries to potential law enforcement scrutiny.
In an environment where Telegram has become a convenient arena both for criminal activity and for rivalries among the perpetrators themselves, such false proclamations form part of a broader strategy of pressure and subversive maneuvering.