Tag Archive for: Leak

US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak • The Register


The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.

“The International Joint Commission has experienced a cybersecurity incident, and we are working with relevant organizations to investigate and resolve the situation,” a spokesperson for the org told The Register.

The spokesperson declined to answer specific questions about what happened, or confirm the miscreants’ data theft claims.

IJC is a cross-border water commission tasked with approving projects that affect water levels of the hundreds of lakes and rivers along the US-Canada border. It also resolves disputes over waters shared between the two countries. 

On September 7, the NoEscape ransomware crew listed IJC as a victim on its dark-web site, and claimed it breached the commission’s network, and then stole and encrypted a flood of confidential data. This info, according to the crooks, included contracts and legal documents, personal details belonging to employees and members, financial and insurance information, geological files, and “much other confidential and sensitive information.”

The cyber-crime gang has given the IJC ten days to respond to its ransom demand, or it may make the swiped info public. 

“If management continues to remain silent and does not take the step to negotiate with us, all data will be published,” the NoEscape leak notice threatened. “We have more than 50,000 confidential files, and if they become public, a new wave of problems will be colossal. For now, we will not disclose this data or operate with it, but if you continue to lie further, you know what awaits you.”

The IJC spokesperson contacted by The Register declined to comment on the ransom demand or if the commission would pay.

Who is NoEscape?

NoEscape is a ransomware-as-a-service operation that appeared in May and takes a double-extortion approach. That means instead of simply infecting victims’ machines with malware, encrypting their files and demanding a ransom to release the data, the crooks first steal the files before locking them up. They threaten to…


U.K. Nuke Submarine Base Security Leak; Russia-linked Hackers Put Top Secret Info On Dark Web


The United Kingdom has been hit by hackers linked to Russia, and secret information has reportedly been put on the internet’s dark web. According to Mirror, notorious hacking group LockBit is behind the leak, and in the past had even tried, unsuccessfully, to extract millions from Royal Mail.

 


Hackers Threaten To Leak 80GB of Confidential Data Stolen From Reddit


Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom demand – and reverses its controversial API price hikes, TechCrunch reported.

According to TechCrunch, in a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data from Reddit during a February breach of the company’s systems.

Reddit spokesperson Gina Antonini declined to answer TechCrunch’s questions, but confirmed that BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9. At the time, Reddit CEO Christopher Slowe, or KeyserSosa, said that hackers had accessed employee information and internal documents during a “highly-targeted” phishing attack. Slowe added that the company had “no evidence” that personal user data, such as passwords and accounts, had been stolen.

Bleeping Computer reported that on February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack.

According to Bleeping Computer, the phishing attack allowed the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.

As first spotted by Dominic Alvieri and shared with Bleeping Computer, the ALPHV ransomware operation, more commonly known as BlackCat, now claims to be behind the February 5th cyberattack on Reddit.

In a “Reddit Files” post on the gang’s data leak site, the threat actors claim to have stolen 80 GB of compressed data from the company during the attack and now plan on leaking the data.

The threat actors say they attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the data to be deleted but did not receive a response.

Bleeping Computer posted a screenshot of the information from ALPHV. Here are some excerpts:

“…I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data.

“But I am very happy to know that the public will be able to read…


Hackers threaten to leak stolen data if Reddit doesn’t reverse API changes


The situation surrounding Reddit’s changes to its API continues to get even weirder. Earlier this year, a ransomware group used a sophisticated phishing attack to steal 80GB of data from Reddit. Now, ransomware group BlackCat is claiming responsibility for that hack and threatening to release that information if Reddit doesn’t reverse its API changes and pay a $4.5 million ransom…

As reported by Bleeping Computer, researcher Dominic Alvieri spotted BlackCat’s announcement today, in which it threatens to release the data publicly if Reddit doesn’t meet its demands.

BlackCat is demanding that Reddit not only pay that $4.5 million ransom but also reverse its controversial API changes that will kill many third-party apps. BlackCat was previously waiting for Reddit’s long-awaited IPO to claim responsibility for this breach but has instead opted to seize on the ongoing controversy surrounding those API changes.

“I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took.

“In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it.”

Reddit publicly acknowledged the security incident back in February, saying that it was a “sophisticated and highly-targeted phishing attack.” The attackers sent “plausible-sounding prompts” redirecting employees to a website that cloned the behavior of the company’s intranet. As a result, the attackers were able to steal credentials and two-factor tokens.

“Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to…
