Ransomware rising – Pique Newsmagazine

Whistler is still dealing with the effects of a cyber attack last spring—but it’s not alone

A link copied from the Resort Municipality of Whistler’s (RMOW) website—posted by cyber criminals in the wake of a late April ransomware attack—pasted into a specialized browser called Tor takes me to a no-frills blog.

The page shows various text-based posts with accompanying dates, and in some cases links to click on, each containing files leaked from different attacks by the criminals in question.

In some cases, the attackers include a link to a chat box that can be used to communicate with them directly.

They never take long to reply, but they’re not very forthcoming with their answers.

An ominous message posted to the RMOW website after the attack claimed that 800 gigabytes of information was obtained in the April 28 attack on the RMOW.

On May 15, about 82 gb of Whistler data was posted to the group’s site—internal server files allegedly containing the sensitive information of more than three dozen municipal employees, all of it in a folder the criminals labelled “trash.”

The folder name is noteworthy.

“Publish all trash which we does not need,” the criminals say in one chat session, in stunted English.

“All other data was sold.”

Pressed on what exactly they obtained from Whistler, and what was sold, they reply simply: “We do not discuss auction details sorry.”

Experts say there’s no way to say for sure if they’re telling the truth about selling Whistlerites’ data at auction (they are criminals, after all).

“These are criminal organizations. They don’t always tell the truth,” says Brett Callow, threat analyst with Emsisoft, a cyber security company with a particular expertise in ransomware.

“There are cases where they will claim to have more data than they actually do. There are also, however, cases where they have exactly what they claim to have, so there really is no way of knowing.”

The link to the dark web site wasn’t live on the RMOW’s municipal website for long on the morning of April 28, but it was up long enough to be screenshotted and posted to two popular Facebook groups—posts that can still be found…