Ransom

Hackers #steal 19M #California voter #records after #holding #database for #ransom

Source: National Cyber Security – Produced By Gregory Evans

In late 2015, a security researcher found voter registration records of 191 million US voters on the Internet. Months later, hackers were found selling those records on several dark web marketplaces. Now, the IT security firm Kromtech has revealed that its researchers discovered a MongoDB database (MongoDB is a popular database management system) containing over 19 million California voter records.

Database Was Left Exposed

The database was left exposed for anyone with Internet access to view or edit. In the majority of such cases, researchers contact the affected party and inform them about the exposed data, but in this case, Kromtech researchers were unable to identify the owner.

Remember, MongoDB is used by well-known organizations such as LinkedIn, MetLife, the City of Chicago, Expedia, BuzzFeed, KPMG and The Guardian.

Cybercriminals Held Voters Database For Ransom

Since early 2017, hackers have been targeting MongoDB databases. In this case, according to the researchers, hackers discovered the voter records, took control of the database and left a ransom note before deleting its entire contents.

The ransom note asked the owner of the database to send 0.2 bitcoin, around USD 3,123 (thanks to a sudden price hike), to a bitcoin address. However, because the cybercriminals erased the database, the researchers were unable to conduct a detailed analysis.

Furthermore, the group stated that “your database is downloaded and backed up on our secure servers.” Simply put: the group now holds the database and wants the owner to pay to get it back.

What Data The Database Had

In total, the 4GB database contained 19,264,123 records. As expected, it included highly personal and sensitive data of registered Californian voters such as:

City
Zip
StreetType
LastName
HouseFractionNumber
RegistrationMethodCode
State: CA
Phone4Exchng
MailingState: CA
Email
Phone3Area
Phone3NumPart
Status: A
Phone4Area
StreetName
FirstName
StreetDirSuffix
RegistrantId
Phone1NumPart
UnitType
Phone2NumPart
VoterStatusReasonCodeDesc: Voter Requested
Precinct
PrecinctNumber
PlaceOfBirth
Phone1Exchng
AddressNumberSuffix
ExtractDate: 2017-05-31
Language: ENG
Dob
Gender
MailingCountry
AssistanceRequestFlag
MailingCity
MiddleName
AddressNumber
StreetDirPrefix
RegistrationDate
PartyCode
Phone1Area
Suffix
NonStandardAddress
Phone4NumPart
CountyCode
MailingAdd3
MailingAdd2
MailingAdd1
UnitNumber
Phone2Exchng
NamePrefix
_id: ObjectId
MailingZip5
Phone2Area

Moreover, the researchers also found a 22GB file containing a massive 409,449,416 records of complete California voter registration data. It is believed that the database was created on May 31st, 2017.

ExtractDate: 2017-05-31
District
RegistrantId
CountyCode
DistrictName
_id: ObjectId

MongoDB And Ransom

Since 2016, there have been a number of incidents in which MongoDB databases have been found exposed on the Internet or held for ransom. In January this year, several unsecured MongoDB databases were hijacked by a hacker who not only wiped those databases but also stored copies of them and asked for a ransom of 0.2 bitcoins (roughly US$ 211 at that time).

Researchers also found 13 million MacKeeper credentials and 58 million business firm accounts exposed online due to misconfigured MongoDB databases last year. Last week, the AI.Type keyboard app had 31 million customer records exposed online due to a misconfigured MongoDB database. In that case, it was discovered that the keyboard app had been spying on users and collecting everything a user does on their smartphone.

Voters Database And Dark Web

A dark web marketplace is a perfect place for hackers and cybercriminals to sell what they steal from others. A year ago, entire US voter registration records were being sold on the now-seized Hansa marketplace, so Californians should not be surprised if their data goes up for sale on the dark web.

The post Hackers #steal 19M #California voter #records after #holding #database for #ransom appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

HACKERS #HIT NORTH #CAROLINA COUNTY #GOVERNMENT AND #DEMAND TWO #BITCOIN #RANSOM

Source: National Cyber Security – Produced By Gregory Evans

The county government of Mecklenburg, North Carolina, has been hacked, and its server files are being held for a ransom of 2 bitcoins.
One of the growing problems for businesses and governments today is having their electronic files hacked and held for ransom. Last month, computer hackers targeted the Sacramento Regional Transit system, resulting in 30 million files being deleted. The ransom price demanded by the hackers for that attack was a single bitcoin. Now that ransom price is being doubled as hackers have hit the Mecklenburg, North Carolina county government and are demanding 2 bitcoins.

DON’T OPEN THAT ATTACHMENT!

County Manager Dena Diorio said that the hackers got into the county’s system when an employee clicked on an email attachment they shouldn’t have. (It’s amazing in this day and age that people still click on strange email attachments.) Once the click took place, spyware and a worm were unleashed into the system, freezing all of the electronic files.

Diorio told county commissioners in a meeting that the files were being held for ransom as the hackers were demanding 2 bitcoins, which is now worth almost $25,000 (at the time of this article’s writing). The deadline for paying the ransom is 1pm EST today.

Dena Diorio told reporters that the county was considering paying the ransom, but she did express some concerns over doing so, stating:

There’s a risk you don’t get the decryption key and don’t get your files back. There’s also the chance if they think you’ll pay, they may try to get you to come back again.

IS IT CHEAPER TO PAY THE RANSOM?

Local governments and businesses do find themselves in a quandary when targeted by hackers. Is it actually cheaper to pay the hackers off to once again have access to critical files? A third-party group could restore said files, but using them could cost more than what the hackers were demanding. Of course, as Diorio mentioned above, paying off a hacker could embolden them to attack you again.

This difficult decision is summed up by Diorio when she said:

We need to determine how much it would cost (to pay) versus fixing it on our own. There are a lot of places that pay because it’s cheaper.

The short deadline is obviously putting pressure on the county commissioners to capitulate to the hackers. As of now, the county is switching its employees to paper records today.

As for the hacking attack, County Manager Dena Diorio summed it up by saying:

I don’t think we were targeted. I don’t think we were at fault. There have been many, many institutions that have been breached. I think we do everything we can to keep our firewall secure.


Why #hackers love #bitcoins for #ransom #demands

Source: National Cyber Security – Produced By Gregory Evans

The ransom demand for $23,000 to unlock Mecklenburg County’s computer data illustrates two newish concepts you might only vaguely understand.

Ransomware is the term for malicious worms such as the one an unsuspecting county employee unleashed by opening an email attachment. Such tactics have targeted a growing number of businesses and institutions. In May, the WannaCry cyber-attack infected more than 200,000 computers in 150 countries.

Bitcoin transactions are private, so they are the favored payment method of cyber criminals, including those that targeted the county.

Bitcoin is described as a “new kind of money” that works without banks or central authority – it’s essentially a digital cash network. Bitcoins, which can be used to pay for goods and services, can be purchased through exchanges, all without revealing personal information.

▪ Mobile apps or computer programs provide users a “wallet” with which to send or receive bitcoins with other users. A public ledger called a “block chain” records all transactions, which by April were worth $20 billion.

▪ Bitcoin payments can be sent directly to a recipient’s wallet, which can belong to legitimate users as well as hackers.

“Some concerns have been raised that private transactions could be used for illegal purposes with bitcoin,” Bitcoin.com says. “However, it is worth noting that bitcoin will undoubtedly be subjected to similar regulations that are already in place inside existing financial systems.”


Hackers #redoubling efforts after #Meck Co officials #decline #paying #ransom

Hackers are reportedly “redoubling their efforts to penetrate the county’s systems” after Mecklenburg County officials decided not to pay a ransom to unfreeze hacked servers, officials said Thursday.

Mecklenburg County remains open for business as it continues to restore services.

According to county officials, cybercriminals are trying to use emails with fraudulent attachments and viruses to further damage the county’s systems. County officials are asking residents and employees to remain patient.

County Manager Dena Diorio says hackers froze 48 county servers, and asked for two bitcoins in ransom, which totals about $23,000. This, despite claims made by other county officials to WBTV that the hackers were actually seeking a ransom on each server, which would have run the ransom into a range of the hundreds of dollars.

On Thursday, officials said ITS is disabling county employees’ option to open attachments in Dropbox and Google Docs. Officials released this statement:

“The best advice for now is to limit your use of emails containing attachments, and try to conduct as much business as possible by phone or in person.”

As the county manager refuses to pay the hackers, the county’s IT team begins work on repairing the 48 frozen servers, and bringing the affected county departments back to normal working order. These departments include the tax office, register of deeds, LUESA, assessor’s office, park and recreation, department of social services, child support enforcement, finance, sheriff’s office, and the courts.

The county was experiencing a county-wide computer system outage Tuesday afternoon. Just after 6 p.m., officials told reporters that the servers were being held for ransom.

Officials have not given a timeline for how long the repairs will take, but say they will take “days.” They have prioritized repairs on servers affecting health and human services, the courts, and LUESA.

Diorio told WBTV that bringing the 48 servers back to full strength is a process that could go into early 2018.

“Now understand things will come back up incrementally, so as we bring systems on line we won’t be shot down that long, but by the time we get everything fully restored I would say the first of the year,” Diorio said.

Rather than pay the hackers’ demands to get rid of the ransomware, the county is taking matters into its own hands.

One place impacted and where business practices have changed is the Mecklenburg County Tax Office.

Online payments have become the norm, but with the computers down, fees are being collected in person.

Daniel Chisholm ended up with a handwritten receipt and a dose of reality.

“I am paranoid about using the internet and I use it all the time. Problem is that’s the wave of the future and you can’t get around it,” Chisholm said.

Theresa Payton’s company, Fortalice Solutions, is one of the firms hired by Mecklenburg County to work through this series of challenges.

She is also a WBTV cyber security expert who says hackers in most instances are hoping to beat the odds.

“For cyber criminals they have nothing to lose and everything to gain. If you think about, you have to get it right 365 days out of the year, and they only have to get it right once,” Payton said.

Getting it right during this period of recovery is the goal of the county manager.

“We just ask people to work with us and be patient to the best of their ability,” Diorio said.

Diorio also expects work to continue through the weekend and through the holidays.

In the meantime, they have asked customers to call these departments to check on their services.

Below is information from county officials given Thursday of offices affected during the server outage, along with direction for customers moving forward.

Assessor’s Office (CAO)
Non-Operational:

  • County Assessor’s Office reports AssessPro (The Real Property appraisal system), NCPTS (the personal property appraisal system and the billing and collection system) are down.
  • Polaris and Tax Bill look up county web links are not working.

Criminal Justice Services
Non-Operational:

  • Research & Planning cannot run the daily population numbers without OMS interfacing with our data warehouse. (Please note that we anticipate a spike in the jail numbers due to the release process being slowed.)

Child Support Enforcement (CSE): CSE is in full manual services, still seeing customers here and in the courthouses; all records are being hand-written and the Clerk’s office is printing/making copies for the Court.

  • Advantage is down
  • ACTS (Automated Collection and Tracking System) is down; it is used to interface with other state and federal systems, document generation, pay histories, charging and billing functions, etc.
  • Compass/OnBase is down
  • Dept. of Vital Records is down
  • Qflow (used to track customer visits by date, time, visit purpose, service provider, etc.) is down
  • VMware

Community Support Services: The Domestic Violence Victim Services phone line (704-336-3210) is now fully functioning.
Non-Operational:

  • ECHO for Substance Use Services (they are documenting on paper and will scan into the system once operational)
  • OnBase for Veterans Services and secure printing and copying. We are seeing clients but Veterans Services may run slower. As soon as we have access to a copier we will run much smoother.
  • All secure printing and copying DOWN.
  • Community Support Services Prevention & Intervention Division is unable to transfer a call from the receptionist to a clinician.

Department of Social Services (DSS): All DSS services and programs are up and running with the exception of individual medical transportation scheduling.

  • All Public Assistance programs and services are available. We have made adjustments to work around the systems that are unavailable.
  • Adult Protective Services and Child Protective Services are fully operational.

Transportation Message:
If you have made a transportation reservation through DSS/MTS scheduling, please call Customer Connection at 704-336-4547 to confirm your transportation. This includes reservations made for bus passes and vendor transportation for trips scheduled through December 11, 2017.

Finance
Non-Operational:

  • Services/support are all manual and limited, as almost all of our work relies on Advantage as our core financial system.
  • Automated payments, invoicing, procurement, etc. This means no electronic funds transfers, processing of procurement requests in the system, or other similar transactions. Because many of our internal controls are automated, or rely on systems (verifying funds, etc.), most of our services will be manual and slowed, but we should be able to perform them. We also cannot apply payments received to the balance owed in the system, meaning we will have a backlog and some risk to the extent collections are continuing.

Human Resources
Non-Operational:

  • Applicants cannot apply for vacant positions

Library

  • No changes since last communication

LUESA
The LUESA offices on Suttle Ave continue to operate to provide services to our building community. If you have urgent permitting and inspection needs, please call 980-314-CODE (2633) and staff will be able to coordinate your request for service.

Non-Operational:

  • Code and Storm Water Services cannot review plans or issue new permits until POSSE/Winchester and other supporting systems, including GIS and Navision (payment processing), are up.
  • GIS cannot provide addressing and other services, including processing Register of Deeds data, until the GIS servers are back online.
  • Air Quality services for asbestos reviews etc. cannot be performed until the permitting system is up.

MEDIC: Nothing affected at this time.

Office of the Tax Collector
Non-Operational:

  • Property tax payments cannot be made at the Wilkinson Boulevard location.
  • Tax records and payment information cannot be accessed online or by telephone.
  • Research requests for bankruptcy, tax certificates, tax lien research, or any other service requiring reference to the tax records cannot be performed.
  • All online services including online payment options are not available.

As of Wednesday night, the county’s domestic violence hotline was down. Callers were being directed to Safe Alliance at 704-332-2513.

County officials say employees’ payroll will not be affected by the Dec. 15 pay date. Officials say most printers are still offline, with a limited number enabled in specific offices.


Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach

Source: National Cyber Security – Produced By Gregory Evans

Hackers who attacked the now defunct website of second hand goods store Cash Converters may have access to the account details of thousands of customers.

Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen.

The culprits are said to be holding the information to ransom while the firm works with law enforcement authorities to investigate the incident.

It is not known exactly how many customers were impacted in the hack or when it happened.

 

Cash Converters operates high street stores where customers can trade items like jewellery and electronics for money.

The affected website, which was put out of action in September 2017 and replaced with an updated version, lets people purchase these products online.

As well as cash trade ins, the company offers small financial loans to its customers.

The data breach is only believed to affect customers of the Perth-founded firm who are based in the UK.

In a breach notification email sent to customers, a Cash Converters spokesman said: ‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority.

‘We are also actively implementing measures to ensure that this cannot happen again.

‘Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

‘The current webshop site was independently and thoroughly security tested as part of its development process.

‘We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

‘Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected.

‘We apologise for this situation.’

Cash Converters reportedly received an email from hackers claiming to have gained access to the data.

They threatened to release the data if they were not paid, which means anyone who used the old site before September 22 could be at risk.

Customers have been advised to change their passwords, and the firm has forced a reset for all UK webshop users.

Speaking about the breach, Jon Topper, CEO of UK webhosting firm The Scale Factory, said: ‘When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned.

‘As a result they should still be treated as “live”, which means maintaining a good security posture around them, keeping up with patching and so forth.

‘In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach.

‘This definitely won’t fly under General Data Protection Regulation regulations coming into force next year.

‘Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.’


Hacker Holds #University for #Ransom, #Threatens to Dump #Student Info

Source: National Cyber Security – Produced By Gregory Evans

A hacker is trying to extort a Canadian university, threatening to dump student information unless university top brass pay 30,000 CAD (23,000 USD).

The extortion attempt’s victim is the University of Fraser Valley (UFV), a Canadian university located in the town of Abbotsford, south-east of Vancouver.

Based on the currently available information, a hacker or hacker group breached the university’s network and gathered information such as names, email addresses, phone numbers, physical addresses, grade information, in some instances limited financial details, and possibly more.

Hacker circulated personal data of 29 UFV students

The time of the intrusion is unknown, but over the last weekend, the hacker sent an email to UFV students containing the personal information of 29 UFV students.

The same email also contained a ransom demand of 30,000 CAD (23,000 USD). The hacker gave UFV officials 48 hours to pay, or he’d release more info.

The University came clean on Monday and admitted the breach in a series of four security alerts sent over the course of the week.

“The students directly affected have been contacted and UFV is working with them to take steps to secure their privacy and personal information,” a UFV spokesperson said.

University shuts down email system

On Wednesday, UFV shut down its email system until November 6, in an attempt to prevent the proliferation of other emails containing data of other students.

The hacker’s point of entry and the number of compromised systems are currently unknown. The University is still investigating the breach, together with Abbotsford police.

The deadline has passed, but it’s unclear if the University paid the ransom demand.

In mid-September, a hacker group known as TheDarkOverlord (TDO) tried to extort schools in the US state of Montana. The group’s extortion attempts failed, even after it made bomb threats against the schools and threats of physical violence against students.

Bleeping Computer reached out to the hacker group through an intermediary and TDO denied it was behind this recent extortion attempt.


Petya victims are told NOT to pay cyber ransom after hackers’ emails are disabled

Source: National Cyber Security – Produced By Gregory Evans

In a new twist in the latest crippling ransomware attack spreading across the globe, victims are warning that files will not be released even if those affected pay up. Companies across Britain, Europe and the US have been crippled by the Petya virus, which locks workers out of their computers and…


Hackers Leaked ‘Orange Is the New Black’ Despite Receiving $50,000 Ransom

Source: National Cyber Security – Produced By Gregory Evans

A hacking group known as The Dark Overlord that has been terrorizing Hollywood in recent months reportedly received $50,000 in ransom money before leaking the latest season of the popular Netflix series Orange Is the New Black in May. Variety is reporting that the hacking collective confirmed that it demanded…


Hackers hold Sydney start-up’s customer database for ransom

Source: National Cyber Security – Produced By Gregory Evans

Small Sydney tech company Qnect is in damage control after its customer data was reportedly stolen and held for ransom. The attack comes just weeks after ransomware known as WannaCry disabled over 300,000 computers and essential services worldwide. The hackers, calling themselves RavenCrew, threatened to publish the data – including…


Hospitals Gain Control After Ransom Hack, More Attacks May Come

Source: National Cyber Security – Produced By Gregory Evans

Most U.K. health facilities whose computer systems were crippled in a global cyber-attack are back to normal operation, Home Secretary Amber Rudd said, even as experts warned that hackers would probably launch a new round of attacks with many computers still vulnerable. About 97 percent of facilities and doctors affected are able to work normally, Rudd said Saturday after a …
