Tag Archive for: extort

Hackers Target Manufacturing Firms To Extort Crypto Using Ransomware

/in


With transactions in the dark net emboldened by “grey money” cryptocurrency, comes a host of wrought possibilities. Ransomware is fast emerging the most preferred way to attack data, demand a ransom and restore status quo only after the unethical hackers have made big bucks. 

Gujarat has been the target of increasing attacks in the past two years. Hackers have attacked pharmaceutical and manufacturing companies, gained access to the Gujarat database from a big B2B website, and stolen 800GB worth of data related to taxpayers from the GST department. 

In simple terms, ransomware is a type of malware from crypto-virology that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called crypto-viral extortion. 

The gravity of the situation on ground Ahmedabad came to light when a space-tech startup based out of SG Road “found itself locked out of its own files.”

Hackers released ransomware into the firm’s servers to target its venture and hold its IT systems hostage for nearly 15 days. The cybercriminals asked the outfit for Rs 8 crore if it wanted to access its data. The company, which is registered with ISRO’s Indian National Space Promotion and Authorization Centre (IN-SPACe), however, managed to retrieve the data without paying a paisa.

Reliving the harassment, CEO Surendra Raj, shared: “The hackers demanded 20 bitcoins at a time when each bitcoin was valued at Rs 40 lakh. Our sensitive designs were set open for all while the cybercriminals paralyzed our access.”

The attack in March 2022 was reported to Gujarat CID (crime cybercell). However, the company and its domain service provider managed to release data using competent technology. 

The startup isn’t the only one from Gujarat that has fallen prey to hackers. Between 2020 and 2022, significant data breaches and ransomware attacks have occurred in companies, startups and most importantly, state government departments.

On March 26, 2020, Russian hacker ‘Bassterlord’ claimed to have admin…

Source…

Hackers Extort Less Money, Are Laid Off as New Tactics Thwart More Ransomware Attacks

/in


Cybercriminals face drop in payments, as U.S. companies are better at bouncing back from attacks

Source…

Tech Giants Duped Into Giving Up Data Used to Sexually Extort Minors

/in


(Bloomberg) — Major technology companies have been duped into providing sensitive personal information about their customers in response to fraudulent legal requests, and the data has been used to harass and even sexually extort minors, according to four federal law enforcement officials and two industry investigators.

The companies that have complied with the bogus requests include Meta Platforms Inc., Apple Inc., Alphabet Inc.’s Google, Snap Inc., Twitter Inc. and Discord Inc., according to three of the people. All of the people requested anonymity to speak frankly about the devious new brand of online crime that involves underage victims.

The fraudulently obtained data has been used to target specific women and minors, and in some cases to pressure them into creating and sharing sexually explicit material and to retaliate against them if they refuse, according to the six people.

The tactic is considered by law enforcement and other investigators to be the newest criminal tool to obtain personally identifiable information that can be used not only for financial gain but to extort and harass innocent victims.

It is particularly unsettling since the attackers are successfully impersonating law enforcement officers. The tactic is impossible for victims to protect against, as the best way to avoid it would be to not have an account on the targeted service, according to the people.

It’s not clear how often the fraudulent data requests have been used to sexually extort minors. Law enforcement and the technology companies are still trying to assess the scope of the problem. Since the requests appear to come from legitimate police agencies, it’s difficult for companies to know when they have been tricked into giving out user data, the people said.

Nonetheless, the law enforcement officials and investigators said it appears the method has become more prevalent in recent months.

“I know that emergency data requests get used for in real life-threatening emergencies every day, and it is tragic that this mechanism is being abused to sexually exploit children,” said Alex Stamos, a former chief security officer at Facebook who now works as a consultant.

“Police departments are going to…

Source…

Minnesota man charged in hacking MLB and for trying to extort the league

/in


A Minnesota man has been charged with hacking into computer systems used by Major League Baseball and trying to extort the league for $150,000, the U.S. Attorney’s Office of the Southern District of New York said Thursday.In emails with an MLB executive, Joshua Streit, 30, threatened to publicize the vulnerability that he used to access the league’s website for streaming live games before asking for $150,000 for finding the technology flaw, according to charging documents.Streit allegedly renewed his extortion attempt in September, at a time of heightened scrutiny for the MLB as it was preparing for the playoffs. The news comes ahead of Game 3 of the World Series between the Houston Astros and Atlanta Braves.A Twitter account listed in the criminal complaint as belonging to Streit did not respond to a request for comment on Friday. James Becker, an attorney listed for Streit in court records, did not respond to requests for comment.The charges against Streit, who is also known as Josh Brody, include wire fraud, illegally hacking into a computer for the purposes of fraud and “sending interstate threats with the intent to extort.” The maximum sentence for each individual charge ranges from two to 20 years in prison.Streit is accused of illegally streaming copyrighted live games from the MLB, National Basketball Association, National Football League and the National Hockey League. To do that, prosecutors allege, Streit used stolen login credentials to access the sports’ websites and stream live games to his own website for profit.One of the sports leagues lost almost $3 million because of Streit’s actions, the U.S. Attorney’s office said in a press release.A LinkedIn profile listed in the complaint as belonging to Streit describes him as a software engineer living in the Minneapolis area.During an initial court appearance Thursday in the U.S. District Court for the District of Minnesota, a judge ordered “temporary detention” for Streit pending a Nov. 1 hearing, according to court documents.A spokesperson for the MLB declined to comment. Neil Boland, the league’s chief information security officer, did not respond to requests for comment.The MLB is no stranger to…

Source…