by April 7th. As Motherboard reports, the hackers – who are calling themselves the “Turkish Crime Family” – are demanding Apple pay a ransom of $75,000 (in either the Bitcoin or Ethereum cryptocurrencies), or hand over $100,000 worth of iTunes gift cards. Motherboard’s Joseph Cox reports that one of the hackers shared screenshots of emails that had allegedly been exchanged with Apple, including one where a member of Apple’s security team asked if the group would be willing to share a sample of the stolen data. If emails shared by the hackers are legitimate, then it appears that Apple’s security team also requested that a YouTube video be removed of an unnamed member of the gang using stolen credentials to access an elderly woman’s iCloud account and view photos that had previously been backed up online. The alleged emails from Apple go on to underline that the technology firm will “not reward cyber criminals for breaking the law”. What we don’t know is whether the email exchanges between the hackers and Apple are real or faked, and – indeed – whether the so-called “Turkish Crime Gang” really has access to a large number of Apple users’ credentials. Other than the video of the elderly woman’s iCloud account being broken into, there has been no evidence shared with the media to suggest that the hackers’ claims of having gained access to a large database of Apple usernames and passwords are legitimate. However, if it’s true that the hackers are attempting to engage with the media in an attempt to increase their chances of a substantial payout then that would be in line with an increasingly common technique deployed by extortionists.
For instance, we have discussed before how an individual hacker or hacking group known as The Dark Overlord has targeted investment banks – stealing internal documents and bringing them to the public’s attention in an attempt to extort more money. In another extortion attempt, The Dark Overlord stole hundreds of gigabytes of files from the Gorilla Glue adhesive company, and attempted to increase their chances of crowbarring more money out of corporate victims by sharing details with security industry media. For the record, when The Dark Overlord contacted me to help them blackmail companies, I declined. I believe that companies should do everything in their power to protect their customers and prevent criminals from profiting from extortion. We simply don’t know the truth of the Turkish Crime Family’s claims, and whether Apple users are at risk. But I do hope that the media stories will help remind Apple users of the importance of using a strong, unique password to secure their account and enable two-factor authentication to make their accounts harder to break into.
A hacker (or hacker group) known as The Dark Overlord (TDO) has leaked the first ten episodes of season 5 of the "Orange Is The New Black" show after two failed blackmail attempts, against Larson Studios and Netflix. TDO is one of the most well-known figures in today's dwindling hacker landscape. He first appeared on the scene in late 2015 and made a name for himself by hacking healthcare organizations, stealing their data, and trying to extract ransoms from victims by threatening to release sensitive data to the public. The hacker's online presence shrunk in the past few months, as many hoped he called it quits and moved on to other activities. Last night, at around 22:00 UTC (17:00 ET), your reporter noticed the hacker posting links on his Twitter profile that linked to a Pastebin page, GitHub profile, and a Pirate Bay torrent sharing episode 1 of season 5 of Netflix's "Orange Is The New Black" show. We didn't manage to get ahold of the Pastebin and GitHub links because they went down 20 minutes after they were posted, but we presume the links contained ransom demands. On the other hand, the Pirate Bay torrent file remained online, and users have downloaded and shared its content. Twelve hours later, TDO posted a new set of links on Twitter. These included a statement posted on Pastebin and a second torrent file, also hosted on The Pirate Bay, containing episodes 2 through 10 of the same season 5 of "Orange Is The New Black." In the Pastebin statement, TDO says he released the ten "Orange Is The New Black" episodes because Netflix didn't want to pay a ransom demand. While we weren't able to get in touch with TDO after numerous attempts, the hacker spoke with the administrator of DataBreaches.net, a reporter named Dissent.
In their interview, TDO revealed he discovered "hundreds of GBs of unreleased and non-public media," on the servers of a Hollywood studio. The hacker didn't clarify if the server was exposed accidentally, or if he hacked it. DataBreaches.net identified the studio as Larson Studios, Inc., an audio post-production company, who later confirmed TDO's extortion attempt via email. TDO claims the studio initially agreed to pay a ransom of 50 Bitcoin ($67,000) by January 31, and the two parties even signed a contract, albeit TDO signed it using the name "Adolf Hitler." Something happened during the month of January, and the studio did not honor its word. At this point, the hacker turned from the studio to Netflix. According to TDO's statement, Netflix didn't want to pay his ransom demand either, and after two months he was forced to release the first ten episodes of season 5 of "Orange Is The New Black." According to Netflix's website, season 5 is supposed to have 13 episodes and is scheduled for release in June, this year. The release of these episodes is TDO's shot across the bow. The hacker claims to hold other unreleased shows and movies from several other studios.
Hackers have been trying to blackmail patients of a Lithuanian plastic surgery clinic, by threatening to publish their nude “before and after” photos online. The photos were stolen earlier this year, along with other sensitive data – passport scans, national insurance numbers, etc. – from the servers of Grozio Chirurgija, which has clinics in Vilnius and Kaunas. According to The Guardian, the stolen data was first offered for sale in March. At that time, the hackers, who call themselves “Tsar Team,” released a small portion of the database to prove the veracity of their claims and to entice buyers. They asked for 300 bitcoin for the entire lot, and at the same time contacted some of the affected patients directly, offering to delete the sensitive data for a sum that varied between €50 and €2,000 (in bitcoin). Apparently, among the patients of the clinic were also celebrities, both Lithuanian and not, and individuals from various European countries, including 1,500 from the UK. It is unknown if any of them paid the ransom, but the clinic did not try to buy back the stolen data. Instead, they called in the Lithuanian police, CERT and other authorities to help them prevent the spread of the data online, and to find the culprits. They’ve also asked the affected patients to notify the police if they got a ransom request from the hackers; to notify news portals, forums or social networking sites of any links to the stolen data that may have been published in the comments on their sites and ask them to remove them; and do the same if they find a link through Google Search. In the meantime, the hackers decided to leak online over 25,000 of the private photos they have stolen, more than likely in an attempt to force the affected patients’ hand and get at least some money.
It’s interesting to note that the name of the hacker group – Tsar Team – is also a name that has been associated with the Pawn Storm attackers (aka APT28, aka Sofacy), a Russian cyberespionage group that has targeted a wide variety of high-profile targets, including NATO, European governments, the White House, and so on. It is unclear, though, if this is the same group. Given that it is a very unusual target for APT28, it’s possible that these attackers have simply used the name to add weight to their demands.
No one likes to have their company hacked. No one is going to be happy if hackers manage to break into systems and steal away their intellectual property. In the case of companies like Disney, having a $230 million blockbuster like the latest Pirates of the Caribbean movie stolen could prove to be very costly if hackers follow through with their threats to seed their pirated copy of the film on torrent sites, disrupting its official release. But imagine how much more galling it would be to give in to the hackers’ blackmail threats and pay a ransom for the movie not to be leaked online, only to discover later that the extortionists never had a copy of the film in the first place? Earlier this month it was widely reported that Walt Disney’s CEO Bob Iger had been contacted by hackers who were threatening to release one of the studio’s movies onto the internet unless a ransom was paid. Iger didn’t say what movie the hackers claimed to have stolen, but it was widely thought to be the soon to be released “Pirates of the Caribbean: Dead Men Tell No Tales.” That theory of the hacked movie’s identity certainly gained more momentum when it was reported that torrents had been spotted on Pirate Bay claiming to be the blockbuster starring Johnny Depp, Javier Bardem and Geoffrey Rush. However, none of those downloadable torrents were confirmed to contain the “Pirates of the Caribbean” movie. And in a video interview with Yahoo Finance, Disney’s CEO debunked claims that a movie had ever been stolen: “To our knowledge we were not hacked. We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required. We don’t believe that it was real and nothing has happened.”
In short, Disney says that it was not accurate that a movie was ever stolen, and it refused to pay the ransom demand to the extortionists. And that, in itself, may be a lesson for other companies to keep a cool head when they receive an extortion demand claiming that intellectual property or sensitive data has been stolen by hackers. Obviously all threats should be taken seriously, and you should explore appropriately whether it is possible a security breach has genuinely occurred, review the security of your systems, and inform law enforcement agencies as appropriate. But don’t be too quick to pay the criminals who are making threats against you. If you can, seek evidence that the hackers have what they claim to have, rather than reaching first for your wallets. It’s perfectly possible that some extortionists are simply jumping on the bandwagon of high profile hacks in an attempt to trick you into believing your company is the latest victim. Keep a cool head when your company receives a threat, or else you might find yourself in deep water, swimming with the hungry fishes.
Rapid7 disclosed a vulnerability found in Yopify, an ecommerce notification plugin utilised by a number of websites including Shopify, that indirectly leaks the first name, last initial, city and purchase data of recent online shoppers – all without user authorisation. The various plugin sites show over 300 reviews of Yopify, which suggests that the number of exploitable sites is at least in the hundreds, and perhaps thousands. While seemingly harmless at first glance, this personal shopper data can be used by hackers to infer parts of customers’ identities, making them vulnerable to personal information breaches, blackmail and even violence.
He's experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked. David Formby, a PhD student at Georgia Institute of Technology, conducted his experiment to warn the industry about the danger of poorly-secured PLCs. These small dedicated computers can be used to control important factory processes or utilities, but are sometimes connected to the internet. For instance, Formby found that 1,500 of these industrial PLCs are accessible online, he said while speaking at the RSA cybersecurity conference on Monday. It's not hard to imagine a hacker trying to exploit these exposed PLCs, he added. Cybercriminals have been infecting businesses across the world with ransomware, a form of malware that can hold data hostage in exchange for bitcoin. For a hacker, holding an industrial control system hostage can also be lucrative, and far more devastating for the victim. “He (the hacker) can threaten to permanently damage this really sensitive equipment,” Formby said. In a month's time he developed a ransomware-like attack to control the PLCs to fill the storage tank with too much chlorine, making the water mix dangerous to drink. Formby also managed to fool the surrounding sensors into thinking that clean water was actually inside the tank. A hacker wanting to blackmail a water utility could take the same approach, and threaten to taint the water supply unless paid a ransom, he warned. Real-world water treatment systems are more sophisticated than the generic one he designed, Formby said. However, poorly-secured PLCs are being used across every industry, including in oil and gas plants and manufacturing. Most of the PLCs he found that were accessible online are located in the U.S., but many others were found in India and China, he said.
Formby recommends that industrial operators make sure they understand which systems connect to the internet, and who has control over them. He’s also set up a company designed to help operators monitor for any malicious activity over their industrial control systems.