The website of Luas, the tram system operating in Ireland’s capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days.
Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland, and would be published on the internet unless a ransom demand of one Bitcoin (approximately 3,300 Euros or US $3,800) was paid. In the message, the hackers claim that they previously contacted the tram operator about security vulnerabilities and were aggrieved that they received no response.
Read more about the attack on the Luas website on Tripwire.
Saying it was “welcoming 2019 with open arms and a big announcement,” the Dark Overlord hacker group Monday threatened via a Pastebin post to release files it said were nicked from a law firm – believed to have advised insurer Hiscox Syndicares Ltd. – that handled September 11-related cases.
Information pilfered includes “emails, retainer agreements, non-disclosure agreements, settlements, litigation strategies, liability analysis, defence formations, collection of expert witness testimonies, testimonies, communications with government officials in countries all over the world, voice mails, dealings with the FBI, USDOJ, DOD, and more, confidential communications, and so much more,” the group wrote.
Extortion emails are getting wilder and wilder. First we had sextortion scams that threatened to reveal victims doing dirty deeds on video, then bomb threats, which brought the worlwide attention of law enforcement, and now we have threats that a hitman is targeting the recipient unless they pay $4,000 in bitcoin.
These emails started appearing this week and have a subject line similar to “Pretty significant material for you right here 17.12.2018 08:33:00”. The content of the emails are written in poor English and grammar and state that the sender is the owner of a Dark Web site that offers different kinds of services for a fee.
Sextortion email scams have been a very successful way of generating money for criminals. A sextortion scam is when you receive an email that states someone hacked your computer and has been creating videos of you while you are using adult web sites. The emails then tell you to send them bitcoins or they will share the videos they made with all of your contacts.
A new campaign has been spotted by researchers at ProofPoint that instead of containing a bitcoin address to send a blackmail payment to, they prompt you to download a video they made of you doing certain “activities”. The downloaded zip file, though, contains a executable that will install malware onto the computer.
Earlier this month an ongoing extortion email campaign emailed recipients their password and stated hackers had recorded the them over their webcam while they visited adult sites.
Over the past week, scammers are now utilizing a new extortion email campaign that claims the recipient’s phone was hacked, includes a partial phone number of the recipient, and further states that they created videos using the recipient’s webcam. It then demands $1,000 USD in bitcoins or the hacker will release the video and other information.
Read more about the new campaign in which thousands of these email are being distributed, on BleepingComputer.
Read Brad Taylor’s article about what is extortion-based cyber attack and how it is evolving on Help Net Security :
Today, data breaches have impacted just about every industry possible. From entertainment to the restaurant industry, no sector or organization appears to be safe, and it has been predicted that cyberattacks are going to get even worse.
Read Abhi Raj’s article about DDoS extortion on Security Zap Blog :
DDoS extortion is certainly not a new trick by the cyber criminal or the hacker community, but there have been several new developments to phenomenon recently. Notable among them is the use of Bitcoin as a method of payment.
Imagine if you woke up one day and found yourself the CEO of a large international shipping company. You get a call from the head of risk management alerting you that one of your tankers was overtaken by pirates who are demanding a large sum of money in return for your vessel.
Read Violet Blue’s article about social media extortionist on Engadget :
If you’ve read recent headlines about high-profile tech CEOs getting hacked, you probably felt a stab of dark amusement at the thought of internet fat cats finally getting a taste of what the rest of us have had to drink.
Cyberextortion can take many forms. Originally, denial of service (DoS) attacks against corporate websites were the most common method of cyberextortion; the attacker might initiate a ping storm and telephone the president of the company, demanding that money be wired to a bank account in a foreign country in exchange for stopping the attack.
In recent years, however, cybercriminals have developed ransomware which encrypts the victim’s data.
Read the definition of cyberextortion on Tech Target.