Tag: extorted | SpinSafe

A small Canadian town is being extorted by a global ransomware gang

July 22, 2022/in Internet Security

The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.

The small town of around 7,500 residents seems to be the latest target of the notorious LockBit ransomware group. On July 22nd, a post on LockBit’s dark web site listed townofstmarys.com as a victim of the ransomware and previewed files that had been stolen and encrypted.

Screenshot taken from a ransomware group’s website. Text reads: “The Town of St. Marys is located at the junction of the Thames River and Trout Creek, southwest of Stratford in southwestern Ontario. Rich in natural resources, namely the Thames River, the land that now makes up St. Marys was traditionally used as hunting grounds by First Nations peoples. European settlers arrived in the early 1840s. Stolen data (67GB): financial documents, plans, department, confidential data” — LockBit ransom listing for the Town of St. Marys

In a phone call, St. Marys Mayor Al Strathdee told The Verge that the town was responding to the attack with the help of a team of experts.

“To be honest, we’re in somewhat of a state of shock,” Strathdee said. “It’s not a good feeling to be targeted, but the experts we’ve hired have identified what the threat is and are walking us through how to respond. Police are interested and have dedicated resources to the case … there are people here working on it 24/7.”

Strathdee said that after systems were locked, the town had received a ransom demand from the LockBit ransomware gang but had not paid anything to date. In general, the Canadian government’s cybersecurity guidance discouraged the paying of ransoms, Strathdee said, but the town would follow the incident team’s advice on how to engage further.

Screenshots shared on the LockBit site show the file structure of a Windows operating system, containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Per LockBit’s standard operating methods, the town was given a deadline by which to pay to have their systems unlocked or else see the data published online.

Brett O’Reilly, communications manager for the town of St. Marys, directed The Verge to a press statement issued by St. Marys in which the town gave further details. Per the statement, essential municipal services like transit and water systems have been unaffected by the incident, and the town is attempting to unlock IT systems and restore backup data.

According to an analysis by Recorded…

Source…

NSW Transport agency extorted by ransomware gang after Accellion attack

March 2, 2021/in Internet Security

Transport for NSW

The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files.

Transport for NSW is New South Wales’ transport system in charge of the buses, ferries, regional air operators, and cargo transportation.

Last week, Transport for NSW disclosed that their agency suffered a data breach after their secure file-sharing system, Accellion FTA, was attacked and hackers stole data.

The agency is currently investigating the breach to determine what data was stolen and is receiving help from Cyber Security NSW, the New South Wales government information security team.

“Cyber Security NSW is managing the NSW Government investigation with the help of forensic specialists.”

“We are working closely with Cyber Security NSW to understand the impact of the breach, including to customer data,” Transport for NSW disclosed in a data breach notification.

Data leaked on Clop ransomware site

In December, threat actors began using a zero-day vulnerability in the Accellion FTA secure file sharing application to download and steal data.

Accellion FTA is commonly used by government agencies, educational instructions, and organizations to share files with people external to their organization securely.

After the Clop ransomware gang began leaking data stolen during these attacks and ransoming victims, it became clear that the ransomware group was behind the attacks. A report by Mandiant further confirmed the connection after analysis found shared IOCs between the attacks and the ransomware group.

This weekend, the Clop ransomware published screenshots of alleged emails and documents stolen from the NSW government during an attack on their Accellion FTA device.

In a message on the data leak site, the ransomware gang states that Transport for NSW or other interested parties can make a payment to prevent the leak or buy the stolen data.

“Want to delete a page or buy data? write to the email indicated on the home page,” the Clop gang states on the data leak site.

The leaked data includes confidential documents, steering committee documents, and…

Source…

Dark Overlord taunted, threatened, and extorted. Now alleged member is behind bars

December 28, 2019/in Internet Security

Federal authorities say they have taken custody of a UK man who was a member of The Dark Overlord, a group that has taken credit for hacking into more than a dozen companies, stolen valuable data, and then demanded ransoms for its return. Stolen material included then-unreleased episodes of popular television shows and millions of patient records.

Nathan Wyatt, 39, was extradited from the United Kingdom to St. Louis, Missouri, after losing a year-long legal fight to block the transfer. Wyatt was arraigned in US District Court for the Eastern District of Missouri on Wednesday. He pleaded not guilty.

An indictment unsealed in the case alleged Wyatt participated in hacks on three healthcare providers, a medical records company, and an accounting firm. The indictment said Wyatt conspired with other members of The Dark Overlord to hack into the companies, steal their valuable data, and threaten to publish it unless they received payments in bitcoin.

Read 8 remaining paragraphs | Comments

Biz & IT – Ars Technica

Computer security firm Symantec extorted by hackers – YAHOO!

February 8, 2012/in Computer Security

Computer security firm Symantec on Tuesday confirmed it tried to turn the tables on hackers who threatened to release stolen source code if a demand for $ 50,000 was not met. An email exchange posted online at pastebin.com revealed how Symantec negotiated …
“computer security” – read more

Tag Archive for: extorted

Data leaked on Clop ransomware site