Ransom
now browsing by tag
#school | #ransomware | Dutch University Pays $220K Ransom to Russian Hackers
Source: National Cyber Security – Produced By Gregory Evans
University president says damage from the ransomware attack “can scarcely be conceived.”
The University of Maastricht located in the Netherlands experienced a ransomware attack on December 24 and wound up paying the hackers 200,000 euros or $220,000 in bitcoin to unblock its computers, reports Reuters. “The […]
View full post on AmIHackerProof.com
#city | #ransomware | Don’t Pay the Ransom in a Cyberattack: FBI
Source: National Cyber Security – Produced By Gregory Evans
FLORIDA — As the FBI continues investigating the latest municipal cyberattack, on Pensacola, the question for many officials is whether or not to pay the ransom.
- Pensacola dealing with cyberattack
- 2019 bad year for cyberattacks in Florida
- FBI and Cyber Florida experts say don’t pay ransom
FBI policy says no, but in the last year Florida attacks have netted millions in ransom.
The international statistics are even more alarming.
In 2019, reported payments made by six Florida municipal governments to hackers have totaled almost $3 million.
Most of these payments are covered by cyber insurance.
For example, Lake City officials said they paid a $10,000 deductible on an estimated $480,000 ransom insurance payment.
One city, Stuart, got off without paying the ransom because they had backed up their servers.
Over the summer, the Conference of U.S. Mayors passed a resolution to not pay ransomware.
They stated it “encourages continued attacks.”
In other major cyberattacks, the lesson learned is that you end up paying anyway.
The City of Atlanta reportedly paid out $17 million, while Baltimore reportedly paid $18 million.
Usually the cost to a city involves two categories.
There’s the cost of recovery and the cost of server downtime, which studies show are 5 to 10 times the cost of the ransom, according to a 2019 Coveware report.
Cyber Florida, USF’s online security institute, told Spectrum Bay News 9 there’s a reason not to pay, which is in line with FBI policy.
Cyber Florida officials said there’s no guarantee cities will recover completely after a cyberattack.
The Coveware report also found 2019’s cyberattacks have become more complex.
At the start of the year, downtime lasted about a week.
After midyear, it’s up to a week and a half.
The post #city | #ransomware | Don’t Pay the Ransom in a Cyberattack: FBI appeared first on National Cyber Security.
View full post on National Cyber Security
Hackers #steal 19M #California voter #records after #holding #database for #ransom
Source: National Cyber Security – Produced By Gregory Evans
In late 2015, a security researcher found voter registration records of 191 million US voters on the Internet. Months later, hackers were found selling those records on several dark web marketplaces. Now, the IT security firm Kromtech has revealed that its researchers discovered a MongoDB database (a popular database management system) containing over 19 million California voter records.
Database Was Left Exposed
The database was left exposed for anyone with Internet access to view or edit. In the majority of such cases, researchers contact the affected party and inform them about the exposed data, but in this case, Kromtech researchers were unable to identify the owner.
Remember, MongoDB is used by popular organizations such as LinkedIn, MetLife, City of Chicago, Expedia, BuzzFeed, KPMG and The Guardian.
Cybercriminals Held Voters Database For Ransom
Since early 2017, hackers have been targeting MongoDB-based databases. In this case, according to researchers, hackers discovered the voter records, took control of them and left a ransom note before deleting the entire database.
The ransom note asked the owner of the database to send 0.2 bitcoin, that is around USD 3,123 (thanks to a sudden price hike), to a bitcoin address. However, because the cybercriminals erased the database, researchers were unable to conduct a detailed analysis.
Furthermore, the group stated that “your database is downloaded and backed up on our secure servers.” Simply put: the group now holds the database and wants the owner to pay to get it back.
What Data The Database Had
In total, the 4GB database contained 19,264,123 records. As expected, it included highly personal and sensitive data of registered Californian voters such as:
City:
Zip:
StreetType:
LastName:
HouseFractionNumber
RegistrationMethodCode
State: CA
Phone4Exchng:
MailingState: CA
Email:
Phone3Area:
Phone3NumPart:
Status: A
Phone4Area:
StreetName:
FirstName:
StreetDirSuffix:
RegistrantId:
Phone1NumPart:
UnitType:
Phone2NumPart:
VoterStatusReasonCodeDesc: Voter Requested
Precinct:
PrecinctNumber:
PlaceOfBirth:
Phone1Exchng:
AddressNumberSuffix:
ExtractDate: 2017-05-31
Language: ENG
Dob:
Gender:
MailingCountry:
AssistanceRequestFlag
MailingCity:
MiddleName:
AddressNumber:
StreetDirPrefix:
RegistrationDate:
PartyCode:
Phone1Area:
Suffix:
NonStandardAddress:
Phone4NumPart:
CountyCode:
MailingAdd3:
MailingAdd2:
MailingAdd1:
UnitNumber:
Phone2Exchng:
NamePrefix:
_id: ObjectId
MailingZip5:
Phone2Area:
Moreover, researchers also found a 22GB file that contained a massive 409,449,416 records of complete California voter registration records. It is believed that the database was created back on May 31st, 2017.
ExtractDate: '2017-05-31', 'District': 'RegistrantId': 'CountyCode':, 'DistrictName': '_id': ObjectId
MongoDB And Ransom
Since 2016, there have been a number of incidents where MongoDB databases have been found exposed on the Internet or held for ransom. In January this year, several unsecured MongoDB databases were hijacked by a hacker, who not only wiped out those databases but also stored copies of them and asked for a ransom of 0.2 bitcoins (roughly US$ 211 at that time).
Researchers also found 13 million MacKeeper credentials and 58 million business firm accounts exposed online due to a misconfigured MongoDB database last year. Last week, the AI.Type keyboard app had 31 million customer records exposed online due to a misconfigured MongoDB database. In that case, it was discovered that the keyboard app had been spying on users and collecting everything a user does on their smartphone.
Voters Database And Dark Web
A dark web marketplace is a perfect place for hackers and cybercriminals to sell what they steal from others. A year ago, entire US voter registration records were being sold on the now-seized Hansa marketplace; therefore, Californians should not be surprised if their data goes on the dark web for sale.
The post Hackers #steal 19M #California voter #records after #holding #database for #ransom appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
HACKERS #HIT NORTH #CAROLINA COUNTY #GOVERNMENT AND #DEMAND TWO #BITCOIN #RANSOM
Source: National Cyber Security – Produced By Gregory Evans
The county government of Mecklenburg, North Carolina, has been hacked, leaving its server files held for a ransom of 2 bitcoins.
One of the growing problems for businesses and governments today is having their electronic files hacked and held for ransom. Last month, computer hackers targeted the Sacramento Regional Transit system, resulting in 30 million files being deleted. The ransom price demanded by the hackers for that attack was a single bitcoin. Now that ransom price is being doubled as hackers have hit the Mecklenburg, North Carolina county government and are demanding 2 bitcoins.
DON’T OPEN THAT ATTACHMENT!
County Manager Dena Diorio said that the hackers got into the county’s system when an employee clicked on an email attachment they shouldn’t have. (It’s amazing in this day and age that people still click on strange email attachments.) Once the click took place, spyware and a worm were unleashed into the system, freezing all of the electronic files.
Diorio told county commissioners in a meeting that the files were being held for ransom as the hackers were demanding 2 bitcoins, which is now worth almost $25,000 (at the time of this article’s writing). The deadline for paying the ransom is 1pm EST today.
Dena Diorio told reporters that the county was considering paying the ransom, but she did express some concerns over doing so, stating:
There’s a risk you don’t get the decryption key and don’t get your files back. There’s also the chance if they think you’ll pay, they may try to get you to come back again.
IS IT CHEAPER TO PAY THE RANSOM?
Local governments and businesses do find themselves in a quandary when targeted by hackers. Is it actually cheaper to pay the hackers off to once again have access to critical files? A third-party group could restore said files, but using them could cost more than what the hackers were demanding. Of course, as Diorio mentioned above, paying off a hacker could embolden them to attack you again.
This difficult decision is summed up by Diorio when she said:
We need to determine how much it would cost (to pay) versus fixing it on our own. There are a lot of places that pay because it’s cheaper.
The short deadline is obviously putting pressure on the county commissioners to capitulate to the hackers. As of now, the county is switching to paper records for its employees today.
As for the hacking attack, County Manager Dena Diorio summed it up by saying:
I don’t think we were targeted. I don’t think we were at fault. There have been many, many institutions that have been breached. I think we do everything we can to keep our firewall secure.
Why #hackers love #bitcoins for #ransom #demands
Source: National Cyber Security – Produced By Gregory Evans
The ransom demand for $23,000 to unlock Mecklenburg County’s computer data illustrates two newish concepts you might only vaguely understand.
Ransomware is the term for malicious worms such as the one an unsuspecting county employee unleashed by opening an email attachment. Such tactics have targeted a growing number of businesses and institutions. In May, the WannaCry cyber-attack infected more than 200,000 computers in 150 countries.
Bitcoin transactions are private, so they are the favored payment method of cyber criminals, including those that targeted the county.
Bitcoin is described as a “new kind of money” that works without banks or central authority – it’s essentially a digital cash network. Bitcoins, which can be used to pay for goods and services, can be purchased through exchanges, all without revealing personal information.
Mobile apps or computer programs provide users a “wallet” with which to send or receive bitcoins with other users. A public ledger called a “block chain” records all transactions, which by April were worth $20 billion.
Bitcoin payments can be sent directly to a recipient’s wallet, which can belong to legitimate users as well as hackers.
“Some concerns have been raised that private transactions could be used for illegal purposes with bitcoin,” Bitcoin.com says. “However, it is worth noting that bitcoin will undoubtedly be subjected to similar regulations that are already in place inside existing financial systems.”
Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach
Source: National Cyber Security – Produced By Gregory Evans
Hackers who attacked the now defunct website of second hand goods store Cash Converters may have access to the account details of thousands of customers.
Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen.
The culprits are said to be holding the information to ransom while the firm works with law enforcement authorities to investigate the incident.
It is not known exactly how many customers were impacted in the hack or when it happened.
Cash Converters operates high street stores where customers can trade items like jewellery and electronics for money.
The affected website, which was put out of action in September 2017 and replaced with an updated version, lets people purchase these products online.
As well as cash trade ins, the company offers small financial loans to its customers.
The data breach is only believed to affect customers of the Perth-founded firm who are based in the UK.
In a breach notification email sent to customers, a Cash Converters spokesman said: ‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority.
‘We are also actively implementing measures to ensure that this cannot happen again.
‘Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.
‘The current webshop site was independently and thoroughly security tested as part of its development process.
‘We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.
‘Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected.
‘We apologise for this situation.’
Cash Converters reportedly received an email from hackers claiming to have gained access to the data.
They threatened to release the data if they were not paid, which means anyone who used the old site before September 22 could be at risk.
Customers have been advised to change their passwords and the firm has forced a reset for all UK webshop users.
Speaking about the breach, Jon Topper, CEO of UK webhosting firm The Scale Factory, said: ‘When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned.
‘As a result they should still be treated as ‘live’ which means maintaining a good security posture around them, keeping up with patching and so forth.
‘In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach.
‘This definitely won’t fly under General Data Protection Regulation regulations coming into force next year.
‘Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.’
Hacker Holds #University for #Ransom, #Threatens to Dump #Student Info
Source: National Cyber Security – Produced By Gregory Evans
A hacker is trying to extort a Canadian university, threatening to dump student information unless university top brass pay 30,000 CAD (23,000 USD).
The extortion attempt’s victim is the University of Fraser Valley (UFV), a Canadian university located in the town of Abbotsford, south-east of Vancouver.
Based on the currently available information, a hacker or hacker group breached the university’s network, from where it gathered information such as names, email addresses, phone numbers, physical addresses, grade information, in some instances limited financial details, and possibly more.
Hacker circulated personal data of 29 UFV students
The time of the intrusion is unknown, but over the last weekend, the hacker sent an email to UFV students with the personal information of 29 UFV students.
The same email also contained a ransom demand of 30,000 CAD (23,000 USD). The hacker gave UFV officials 48 hours to pay, or he’d release more info.
The University came clean on Monday and admitted the breach in a series of four security alerts sent over the course of the week.
“The students directly affected have been contacted and UFV is working with them to take steps to secure their privacy and personal information,” a UFV spokesperson said.
University shuts down email system
On Wednesday, UFV shut down its email system until November 6, in an attempt to prevent the proliferation of other emails containing data of other students.
The hacker’s point of entry and the number of compromised systems are currently unknown. The University is still investigating the breach, together with Abbotsford police.
The deadline has passed, but it’s unclear if the University paid the ransom demand.
In mid-September, a hacker group known as TheDarkOverlord (TDO) tried to extort schools in the US state of Montana. The hacker’s extortion attempts failed, even after he made bomb threats against the school and threatened physical violence against students.
Bleeping Computer reached out to the hacker group through an intermediary and TDO denied it was behind this recent extortion attempt.
Petya victims are told NOT to pay cyber ransom after hackers’ emails are disabled
Source: National Cyber Security – Produced By Gregory Evans
In a new twist in the latest crippling ransomware attack spreading across the globe, victims are warning that files will not be released even if those affected pay up. Companies across Britain, Europe and US have been crippled by the Petya virus, which locks workers out of their computers and…
Hackers Leaked ‘Orange Is the New Black’ Despite Receiving $50,000 Ransom
Source: National Cyber Security – Produced By Gregory Evans
A hacking group known as The Dark Overlord that has been terrorizing Hollywood in recent months reportedly received $50,000 in ransom money before leaking the latest season of the popular Netflix series Orange Is the New Black in May. Variety is reporting that the hacking collective confirmed that it demanded…