John Hammond Discusses Disinformation in Cybercrime Investigation

In a recent video, John Hammond discusses an event that occurred on August 16, 2025, where an image circulating on the Internet caught attention. This image appeared to be a notice from Europole offering a reward of up to $50,000 for information on the cybercriminal group known as Kllin. This group is responsible for numerous ransomware attacks worldwide, disrupting critical infrastructures and causing significant financial losses.

Hammond explains that Kllin, or Quillin, is a ransomware group that infiltrates computer networks, encrypts data, and renders computers unusable until the owners pay a ransom to recover their files. He emphasizes that this group has been particularly active and destructive, even affecting critical infrastructures like hospitals, which has unfortunately led to loss of life.

The Europole notice mentioned that the group is managed by individuals using the pseudonyms Hayes and Exoracle, who coordinate affiliates and oversee extortion operations. Europole, in collaboration with international partners, is actively investigating this group. However, Hammond reveals that this notice was actually false information, a hoax orchestrated by cybercriminals to deceive researchers and journalists.

Hammond explains that on August 21, it became clear that this operation was an attempt at counter-espionage. Edward Kovac, editor-in-chief of Security Week, confirmed that the notice did not come from Europole or any other law enforcement agency. The Telegram channel used to disseminate this false information was created on August 22, and the original message was modified to reveal that it was all a joke.

The Telegram channel, now known to be a hoax, displays a message from "Rey," an individual associated with the former ransomware group Hellcat. Rey admitted to creating the channel to troll researchers and journalists. Hammond notes that Rey is known for his provocative actions and interactions with the media, often seeking to create chaos and confusion.

Hammond uses this story to illustrate the importance of vigilance and fact-checking in the field of cybersecurity. He emphasizes that cybercriminals often use disinformation tactics to sow confusion and divert attention from real threats.

In conclusion, this video highlights the complexities and challenges of combating cybercrime, particularly ransomware attacks. It underscores the importance of international collaboration and constant vigilance to counter these threats.