One of the most devious and frustrating malware on internet is ransomware. These types of program usually lock up your files with encryption and can lead to files deletion. The deletion normally occurs on refusal to pay your attacker the amount he requested for. Payment is normally done through cryptocurrency. A significant percentage of the victims end up paying for the ransom, this is because it's very hard to evade especially due to limited time frame provided by the attacker.
As of now, the attackers become the victim by more devious online criminals. These groups of higher level criminals usually divert payment made to the first attacker via man-in-the-middle (MITM) attack, this means the first attacker become the victim.
This attack on scammers was first discovered and reported by a security firm Proofpoint. Proofpoint noticed a warning which was posted on a ransomware payment portal called LockerR. LockeeR service runs on the Tor network. This is where many scammers operate due to the high level of annonymity compared with the open internet.
So far, about $22,000 worth of ransomed Bitcoins have been “stolen” from the people who were trying to scam innocent computer users.
Always backup your files and keep them safe. In case of any attack, you don't have to pay for ransom.