Tag Archive for: Payment

Western Digital Hackers Demand 8-Figure Ransom Payment for Data


After stealing around 10TB of data from Western Digital Corp., the computer drive manufacturer behind digital storage brand SanDisk, hackers are now negotiating a ransom payment within an eight-figure range, according to reports.

The hackers claim to have control of the company’s code-signing certificate, company executives’ private numbers, SAP back-office data, and administrator access to the company’s Microsoft Azure cloud instance, according to security researchers at TechCrunch who spoke with the hackers in an attempt to verify their claims. The hackers provided screenshots and shared phone numbers and files as their proof of holding the data hostage.

The hackers are threatening to publish the stolen data if they do not receive a payment, though it is unknown whether or not Western Digital will actually hand over the funds as it coordinates with forensic experts and law enforcement officials.

This extortion attempt comes after a data breach earlier this month, which Western Digital reported as a “network security incident” occurring on March 26. The breach took the corporation’s cloud network out of commission for 10 days, and the company only recently managed to get the service running again.

Western Digital has yet to comment on the claims being made by the hackers, and it has not answered questions regarding whether customer information was accessed. Meanwhile, according to TechCrunch, the hackers “are ready to start publishing the stolen data on the website of the ransomware gang ALPHV.” The hackers said they are not directly affiliated with ALPHV, but “I know them to be professional.”



Big banks’ proposed digital wallet payment system likely to fail


A group of leading banks is partnering with payment service Zelle’s parent company to create their own “digital wallet” connected to consumer credit and debit cards to enable online or retail store payments.

The new payment service, however, must compete with entrenched digital wallets such as Apple Pay and Google Pay that are embedded on mobile devices and already well established. It’s also not the first attempt for some in the consortium to create a digital wallet payment service.

The consortium includes Wells Fargo & Co., Bank of America, JPMorgan Chase, and four other financial services companies, according to The Wall Street Journal. The digital wallet, which does not yet have a name, is expected to launch in the second half of this year.

The system will be managed by Zelle’s parent company, Early Warning Services LLC (EWS). It will have about 150 million Visa and Mastercard credit and debit cards connected at launch, with plans to add other card networks later, according to an EWS blog.

“Early Warning is working closely with financial institutions to build a wallet that provides consumers a secure and easy way to pay,” James Anderson, EWS’ managing director of Wallet, said in the blog. “The wallet will also aim to deliver better business outcomes for merchants — including higher transaction approval rates and more completed sales.”

The consortium’s digital wallet will be a standalone service, not something under Zelle’s service, according to reports. It’s expected to compete with other digital wallet payment services such as Apple Pay, Google Pay, and Neo. It will also be up against other digital wallets run by banks, such as Revolut, Monzo and Curve, and payment organizations that offer PayPal and Venmo.


Judge Says Insurer Must Cover More Than $100K in Ransomware Payment – USA Herald


This is the case of Yoshida Foods International LLC v. Federal Insurance Co., in the U.S. District Court for the District of Oregon.

Yoshida, a teriyaki sauce and soda company known for its line of Asian marinades and cooking sauces, suffered a ransomware attack in 2021.

Yoshida Foods International LLC purchased insurance from Federal Insurance Co. that included computer fraud coverage under the crime coverage part of its policy.

In March 2021, an unknown hacker gained illegal access to Yoshida’s computer system and used malware to encrypt data in its storage devices, rendering the system unusable. 

The anonymous hacker demanded a ransom payment in cryptocurrency in exchange for each decrypting program.

Junki Yoshida, president of Yoshida Foods, used his personal cryptocurrency funds to pay the ransom of $107,074.20 for the four decryption keys needed, and the company reimbursed him.

The company then submitted a claim to Federal, but coverage was denied. The insurer’s position was that the company did not sustain a “direct loss” from computer fraud, with its only loss occurring when it reimbursed the company president, who was not personally insured under the policy.

In October 2021, Yoshida filed suit accusing its insurer of bad faith and seeking coverage for its losses. After a litigious court battle, the court ruled in favor of Yoshida, finding that the company will be able to seek insurance compensation for money its founder paid from his personal cryptocurrency funds to acquire decryption keys from the anonymous hacker in order to restore his company’s data.

This week, U.S. District Judge Marco A. Hernandez found that the ransomware payment made by Junki Yoshida from his own personal Bitcoin funds was an expense that was the result of a direct loss to his company, caused by the hacker, and should be covered by Federal Insurance Co.

Judge Hernandez rebuffed the insurer’s argument that since Junki Yoshida paid the hackers personally and was technically an employee, a contractual exemption for employee-approved transfers applied.

Judge Hernandez wrote in his ruling that “Under the defendant’s reading, if someone held a gun to an employee’s…


PCI Releases New Payment Standards for Mobile Devices



PCI MPoC Expected To Work Alongside Standard for Dedicated Payment Terminals


Payment card security group PCI Security Standards Council has a new standard aimed at allowing commercial devices to support multiple payment inputs including contactless cards and methods of cardholder verification.


The standard allows for a single device to process contactless card data and a consumer-entered PIN.

Consumers across the globe increasingly use contactless methods for payment, and Aite-Novarica estimates 37.8% global growth in such payments from 2020 to 2021. Forrester, in an annual study conducted for the National Retail Foundation, concluded that most U.S. merchants already accept Apple Pay and PayPal.

The new standard – its official name is PCI Mobile Payment on COTS, or MPoC – is aimed at payment software vendors and service providers whose solutions range from applications used for accepting users’ account data to software deployed for back-end payment data attestation and monitoring.

“This was done in direct response to the feedback we heard from our community,” said Andrew Jamieson, vice president of solution standards at PCI SSC. “The PCI MPoC standard allows for both contactless card data and PINs to be entered into the same COTS device, for the same transaction, as well as supporting the use of external card readers if those are desired.”

The new standard is quite different from the council’s previous, separate standards for PIN entry devices and contactless payment devices, Jamieson said in an email to Information Security Media…
