Tag Archive for: emailing

Ransom Gangs Emailing Victim Customers for Leverage – Krebs on Security


Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

This letter is from the Clop ransomware gang, putting pressure on a recent victim named on Clop’s dark web shaming site.

“Good day! If you received this letter, you are a customer, buyer, partner or employee of [victim],” the missive reads. “The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data.”

“We inform you that information about you will be published on the darknet [link to dark web victim shaming page] if the company does not contact us,” the message concludes. “Call or write to this store and ask to protect your privacy!!!!”

The message above was sent to a customer of RaceTrac Petroleum, an Atlanta company that operates more than 650 retail gasoline convenience stores in 12 southeastern states. The person who shared that screenshot above isn’t a distributor or partner of RaceTrac, but they said they are a RaceTrac rewards member, so the company definitely has their email address and other information.

Several gigabytes of the company’s files — including employee tax and financial records — have been posted to the victim shaming site for the Clop ransomware gang.

In response to questions from KrebsOnSecurity, RaceTrac said it was recently impacted by a security incident affecting one of its third-party service providers, Accellion Inc.

For the past few months, attackers have been exploiting a zero-day vulnerability in Accellion File Transfer Appliance (FTA) software, a flaw that has been seized upon by Clop to break into dozens of other major companies like oil giant Shell and security firm Qualys.

“By exploiting a previously undetected software vulnerability, unauthorized parties were able to access a subset of RaceTrac data stored in the Accellion File Transfer Service, including email addresses and first names of some of our RaceTrac Rewards Loyalty users,”…

Twitter begins emailing the 677,775 Americans who took Russian election bait

On Friday, Twitter took an end-of-the-week opportunity to dump some better-late-than-never news onto its userbase. For anybody who followed or engaged with a Twitter account that faked like an American during the 2016 election season but was actually linked to a major Russian propaganda campaign, you’re about to get an email.

Twitter announced that it would contact a massive number of users with that news: 677,775 users to be exact. This count includes those who interacted with the 3,814 accounts that Twitter has directly linked to the Internet Research Agency (IRA), the Russian troll farm whose election-related meddling was exposed in 2017.

That number of accounts, Twitter noted, is a jump from Twitter’s prior count of 2,812 IRA-linked trolls, which it had disclosed as part of an October 2017 hearing in Congress. Twitter says that this specific pool of troll accounts generated 175,993 posts during the 2016 period of activity that Twitter has been analyzing, and the service noted that 8.4 percent of those posts were “election-related.” In its Friday disclosure, Twitter did not take the opportunity to acknowledge how the remaining percentage of these posts, which included anything from “I’m a real person” idle banter to indirect and divisive messaging, may have ultimately contributed to the troll farm’s impact. (For example: Twitter CEO Jack Dorsey bit, and bit hard, on a known IRA account by retweeting two of its 2016 posts.)

Biz & IT – Ars Technica

EFF challenges patent troll’s vaporous claim to the emailing of USPS tracking numbers

So we live in a world where a guy can’t begin to sell vaping-related goods over the Internet without being shaken down by a patent troll claiming a legal right to the courtesy of sending USPS tracking codes via email.

From an Electronic Frontier Foundation press release:

In a lawsuit filed in the U.S. District Court for the Southern District of Florida, EFF is representing Jason Cugle, who last year began running a small business selling accessories for electronic cigarettes. Cugle, a Maryland resident, received a letter accusing his company and website (Triple7vaping.com) of violating Shipping & Transit’s patents, which relate to ideas for monitoring and reporting the status of delivery vehicles. Cugle simply sent customer shipments through the U.S. Postal Service (USPS) and manually emailed each customer a message saying the package had been shipped and providing the USPS tracking number. Florida-based Shipping & Transit claims its patents cover a variety of methods of notifying people when a vehicle is about to reach its destination, including Cugle’s.

Network World Paul McNamara