the big Apple for $75,000 in Bitcoin or Ethereum cryptocurrency. Alternatively, in lieu of those options, they will even accept $100,000 in iTunes gift cards (a potentially risky option for them). Apple responded to the allegation that the hackers breached its systems, assuring that its systems were not compromised, but did not confirm whether the hackers do in fact hold an entire collection of Apple IDs and passwords. Whatever information they do have probably came from previously compromised third parties. "If the list is legitimate, it was not obtained through any hack of Apple," an Apple spokesperson told Fortune in an email. "There have not been any breaches in any of Apple's systems including iCloud and Apple ID." Even if the data didn't come from an Apple breach, it could still mean your iCloud login details are out there. Fortune suggested that the logins could be from the LinkedIn hack, in which login info from 117 million accounts was sold on the black market site "The Real Deal." Though, if the Turkish Crime Family really has 559 million accounts, well, a mere fraction of the 117 million from LinkedIn doesn't really cut it. The hackers have been sending login information to media companies in an effort to gather attention to their scam. For example, The Next Web received a small fraction of the alleged data from the hackers, and cross-referenced the info with the site Have I Been Pwned, which checks to see if your email or username has been compromised in a hack. Most of the samples provided to TNW don't appear to have been involved in the LinkedIn hack or other hacks in the Pwned database, but TNW was able to access the accounts with the login information provided by the hackers, so the info looks legitimate.
They can't test every login, so the small sample may not be indicative of the whole. The Turkish Crime Family also noted to TNW that all conversations with Apple were actually kept private and never reported to Motherboard. Instead, the conversation between the Turkish Crime Family and Motherboard was led by a member who has since been removed for his "inaccuracy" and "lack of professionalism," and the group denies the authenticity of Motherboard's report. Overall, the hacking team seems to have a hard time sticking to one story. Now, the hacker group is confirming Apple's statement that its systems have not been breached, and that the stolen data was obtained through previously compromised systems over the last five years. The Turkish Crime Family is, in fact, not contradicting Apple. They did not breach the company, nor did they ever state to Motherboard that they stole the info directly from Apple. Rather, after Motherboard's breaking March 21 report, a breach was assumed by some news outlets such as BGR, though most media sites never directly stated that the hackers breached Apple. The Turkish Crime Family's initial response to Motherboard, and the group's only statement, was to extort Apple over an alleged cache of iCloud and other Apple email accounts. The group never stated where their cache of data came from until today, when they contacted TNW in response to Apple.
The murky ecosystem of ransomware payments comes into focus in new research led by Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering. Ransomware attacks, which encrypt and hold a computer user's files hostage in exchange for payment, extort millions of dollars from individuals each month, and comprise one of the fastest-growing forms of cyber attack. In a paper slated for presentation at the IEEE Symposium on Security and Privacy in May, McCoy and a team including researchers from the University of California, San Diego; Princeton University; Google; and the blockchain analytics firm Chainalysis provide the first detailed account of the ransomware payment ecosystem, from initial attack to cash-out. Key findings include the discovery that South Koreans are disproportionately impacted by ransomware campaigns, with analysis revealing that $2.5 million of the $16 million in ransomware payments tracked by the researchers was paid in South Korea. The paper's authors call for additional research to determine the reason that so many South Koreans are victimized and how they can be protected. The team also found that most ransomware operators used a Russian bitcoin exchange, BTC-E, to convert bitcoin to fiat currencies. (BTC-E has since been seized by the FBI.) The researchers estimate that at least 20,000 individuals made ransomware payments over the past two years, at a confirmed cost of $16 million, although the actual payment total is likely far higher. McCoy and his collaborators took advantage of the public nature of the bitcoin blockchain technology to trace ransom payments over a two-year period.
Bitcoins are the most common currency of ransomware payments, and because most victims do not own them, the initial bitcoin purchase provides a starting point for tracking payments. Each ransomware victim is often given a unique payment address that directs to a bitcoin wallet where the ransom is collected. The research team tapped public reports of ransomware attacks to identify these addresses and correlate them with blockchain transactions. To boost the number of transactions available for analysis, the team also executed real ransomware binaries in a controlled experimental environment, essentially becoming victims themselves and making micropayments to real ransom wallets in order to follow the bitcoin trail. "Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically, and by injecting a little bit of our own money into the larger flow we could identify those central accounts, see the other payments flowing in, and begin to understand the number of victims and the amount of money being collected," McCoy said. The research team acknowledged that ethical issues prevent exploration of certain aspects of the ransomware ecosystem, including determining the percentage of victims who actually pay to recover their files. McCoy explained that despite having the ability to check for activity connected to a specific payment address, doing so would effectively "start the clock" and potentially cause victims to either pay a double ransom or lose the opportunity to recover their files altogether. Criminal use of cryptocurrencies is one of McCoy's research focuses. He and fellow researchers previously tracked human traffickers through their use of Bitcoin advertising.
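The tracing method the two paragraphs above describe, reduced to a runnable toy, as an added example that is not part of the article or of the researchers' own code. The ledger, address names and amounts are constructed; the one assumption that makes the trace work is the common-input-ownership heuristic (addresses spent together as inputs of one transaction are controlled by one wallet), which lets a single seed address, such as the one the researchers paid with their own micropayment, grow into the operator's collector account and, from there, into the full set of victim payment addresses.

```python
from collections import defaultdict

SAT = 100_000_000  # satoshis per bitcoin; integer amounts avoid float drift

# Constructed toy ledger (not real blockchain data). Each transaction spends
# the listed inputs (address, satoshi) and pays the listed outputs.
LEDGER = [
    # Three victims buy coin at exchanges and pay their unique ransom addresses.
    {"txid": "t1", "inputs": [("exchA", SAT)], "outputs": [("ransom1", SAT)]},
    {"txid": "t2", "inputs": [("exchA", SAT // 2)], "outputs": [("ransom2", SAT // 2)]},
    {"txid": "t3", "inputs": [("exchB", SAT)], "outputs": [("ransom3", SAT)]},
    # The researchers' own micropayment to a ransom address they were handed.
    {"txid": "t4", "inputs": [("our_wallet", 100_000)], "outputs": [("ransom4", 100_000)]},
    # The operator sweeps ransom addresses into one collector address...
    {"txid": "t5", "inputs": [("ransom1", SAT), ("ransom2", SAT // 2)],
     "outputs": [("collector", SAT + SAT // 2)]},
    {"txid": "t6", "inputs": [("ransom3", SAT), ("ransom4", 100_000)],
     "outputs": [("collector", SAT + 100_000)]},
    # ...and cashes out at an exchange.
    {"txid": "t7", "inputs": [("collector", 2 * SAT + SAT // 2 + 100_000)],
     "outputs": [("exchC", 2 * SAT + SAT // 2), ("change", 100_000)]},
    # Unrelated traffic that must not be attributed to the campaign.
    {"txid": "t8", "inputs": [("alice", 2 * SAT)], "outputs": [("bob", 2 * SAT)]},
]


def index_ledger(ledger):
    """address -> transactions that spend from it, and address -> transactions that pay it."""
    spent_in, paid_by = defaultdict(list), defaultdict(list)
    for tx in ledger:
        for addr, _ in tx["inputs"]:
            spent_in[addr].append(tx)
        for addr, _ in tx["outputs"]:
            paid_by[addr].append(tx)
    return spent_in, paid_by


def coinspent_cluster(ledger, seeds):
    """Common-input-ownership heuristic (an assumption, not a certainty):
    grow the seed set with every address co-spent alongside a member."""
    cluster = set(seeds)
    changed = True
    while changed:
        changed = False
        for tx in ledger:
            ins = {a for a, _ in tx["inputs"]}
            if ins & cluster and not ins <= cluster:
                cluster |= ins
                changed = True
    return cluster


def find_collectors(ledger, cluster):
    """Addresses receiving funds swept out of the cluster, ranked by how many
    distinct cluster addresses feed them; the operator's central account dominates."""
    feeders = defaultdict(set)
    for tx in ledger:
        ins = {a for a, _ in tx["inputs"]}
        if ins & cluster:
            for out_addr, _ in tx["outputs"]:
                feeders[out_addr].update(ins & cluster)
    return sorted(feeders, key=lambda a: len(feeders[a]), reverse=True)


def campaign_stats(ledger, seeds, own_payment_addresses=()):
    """From known ransom addresses, find the collector, then every address that
    paid into it. Our own injected payments are excluded from the victim count."""
    cluster = coinspent_cluster(ledger, seeds)
    collectors = find_collectors(ledger, cluster)
    if not collectors:
        return {"collector": None, "victims": set(), "total_sat": 0}
    collector = collectors[0]
    _, paid_by = index_ledger(ledger)
    victims, total = set(), 0
    for tx in paid_by[collector]:
        for addr, amount in tx["inputs"]:
            if addr not in own_payment_addresses:
                victims.add(addr)
                total += amount
    return {"collector": collector, "victims": victims, "total_sat": total}


if __name__ == "__main__":
    # Seed with only the address we paid ourselves; the trace finds the rest.
    print(campaign_stats(LEDGER, {"ransom4"}, own_payment_addresses={"ransom4"}))
```

Note that the code only reads transactions already on the ledger; it never sends anything to a victim's address, which is the line the researchers drew when they declined to probe specific payment addresses.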
A malicious website initially set up to extort visitors into paying a cryptocurrency ransom has changed its course. Instead of demanding payment via Bitcoin, Ethereum, Bitcoin Cash or Litecoin in exchange for not leaking your password on the internet, the site now hijacks your computer’s processing power to mine cryptocurrency in the background. Designed as a copy of the Have I Been Pwned site, it began by asking users to enter their emails to see if their password has been compromised. Unfortunately, if your password was breached, the site demanded a “donation” of $10 in cryptocurrency to not publish your password in plain text on the web. Up to 1.4 billion passwords may have been breached, but it’s unclear how accurate that figure is. However, because it may be easier — and safer — to change your password than pay the ransom, as The Next Web noted, the site shifted its focus from demanding ransomware payments to taking over your PC’s processing power to mine for cryptocurrency in the background. The publication also confirmed that the malicious site did “have a database with legitimate passwords,” but that not all compromised passwords were stored in plain text. The Next Web did not reveal the site’s address in its report, citing security reasons, but noted that it doesn’t appear that any user had made payment. This is the latest ransomware in recent months that demands cryptocurrency as a form of payment. Prior to this incident, Thanatos encrypted files on a user’s PC by hijacking it using a brute force method. If you wanted to regain access to those files, you had to send payment via cryptocurrency to get a key to decrypt your files. However, at the time, there didn’t appear to be a proper decryption key even if you paid.
According to a recent Google report, extortionists made out with $25 million in just two years, and cryptocurrency was the preferred way to get paid. Hackers are also changing the game when it comes to data theft. Rather than leaking the information to the dark markets, an IBM X-Force Intelligence Index report revealed that hackers prefer to hold files hostage in exchange for a ransom payment.
The US Attorney's Office for the District of Northern Georgia announced Wednesday that a federal grand jury had returned indictments against two Iranian nationals charged with executing the March 2018 ransomware attack that paralyzed Atlanta city government services for over a week. Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri are accused of using the Samsam ransomware to encrypt files on 3,789 City of Atlanta computers, including servers and workstations, in an attempt to extort Bitcoin from Atlanta officials. Details leaked by City of Atlanta employees during the ransomware attack, including screenshots of the demand message posted on city computers, indicated that Samsam-based malware was used. A Samsam variant was used in a number of ransomware attacks on hospitals in 2016, with attackers using vulnerable Java Web services to gain entry in several cases. In more recent attacks, including one on the health industry companies Hancock Health and Allscripts, other methods were used to gain access, including Remote Desktop Protocol hacks that gave the attackers direct access to Windows systems on the victims' networks. The Atlanta attack was not a targeted state-sponsored attack. The attackers likely chose Atlanta based on a vulnerability scan. According to the indictment, the attackers offered the city the option of paying six Bitcoin (currently the equivalent of $22,500) to get keys to unlock all the affected systems or 0.8 Bitcoin (about $3,000) for individual systems. "The ransom note directed the City of Atlanta to a particular Bitcoin address to pay the ransom and supplied a web domain that was only accessible using a Tor browser," a Department of Justice spokesperson said in a statement. "The note suggested that the City of Atlanta could download the decryption key from that website."
But within days of the attack, the Tor page became unreachable, and the City of Atlanta did not pay the ransom. Savandi, 27, of Shiraz, Iran, and Mansouri, 34, of Qom, Iran, have been charged under the Computer Fraud and Abuse Act (CFAA) for "intentional damage to protected computers ... that caused losses exceeding $5,000, affected more than 10 protected computers, and that threatened the public health and safety," the Justice Department spokesperson said. They are also charged in a separate indictment in the US District Court for the District of New Jersey in connection with another ransomware attack, in which a ransom was apparently paid.
Apple is reassuring customers that its systems have not been breached while a hacker, or hackers, threaten to remotely wipe hundreds of millions of iPhones of all their data, including photos, videos, and messages. The hackers are using an alleged cache of stolen email accounts and passwords as leverage in an attempt to extort the world’s most valuable company. They claim to have access to as many as 559 million Apple email and iCloud accounts, Vice blog Motherboard reported on Tuesday. The group, calling itself “Turkish Crime Family,” said it would delete its alleged list of compromised login credentials only after Apple pays it $75,000 in cryptocurrency, either Bitcoin or rival Ether, or $100,000 worth of iTunes gift cards, Motherboard reported. The group has given Apple (aapl) a deadline of April 7 to meet its demands. Though Apple has not officially confirmed the authenticity of the data that the hackers say they have, an Apple spokesperson told Fortune in an emailed statement that, if the list is legitimate, it was not obtained through any hack of Apple. “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the spokesperson said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.” A person familiar with the contents of the alleged data set said that many of the email accounts and passwords contained within it matched data leaked in a past breach at LinkedIn. The company representative declined to elaborate on what steps Apple had taken to monitor the situation. The spokesperson merely noted that such measures, whatever they may be, are “standard procedure.”
Apple customers who secure their iCloud accounts with the same passwords they use on other online accounts—especially ones at LinkedIn, Yahoo (yhoo), Dropbox, and other sites recently revealed to have suffered big breaches over the past few years—should adopt new passwords that are long, strong, and unique. Many security experts also recommend storing them in a password manager, and activating two-factor authentication, an additional layer of security, where available.
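A way to check whether a password has already appeared in a known breach without handing the password, or an email address (which is what the copycat extortion site in the earlier item asked visitors for), to anyone. This is an added example and not code from any of the articles or from Have I Been Pwned: it follows the k-anonymity range lookup that the Pwned Passwords service exposes (the client sends only the first five hex characters of the password's SHA-1 and matches the rest locally), but the fetcher and the response body below are constructed stand-ins so the block runs offline.

```python
import hashlib


def split_hash(password):
    """SHA-1 the password. The first 5 hex characters are the only thing a
    k-anonymity range service ever receives; the remaining 35 stay local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Range responses are one 'SUFFIX:COUNT' per line. Returns {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.strip().upper()] = int(count)
    return counts


class RecordingFetcher:
    """Offline stand-in for the HTTP call. It records every prefix it is asked
    for, so a test can prove that nothing beyond the 5-character prefix leaves
    the client. The body it returns is constructed, not real breach data."""

    CONSTRUCTED = {
        "5BAA6": "\n".join([
            "0000000000000000000000000000000000A:3",      # unrelated constructed suffix
            "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345",  # SHA-1 suffix of 'password'
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:1",      # unrelated constructed suffix
        ]),
    }

    def __init__(self):
        self.requests = []

    def __call__(self, prefix):
        self.requests.append(prefix)
        return self.CONSTRUCTED.get(prefix, "")


def breach_count(password, fetch_range):
    """How many times the password appeared in breaches according to the range
    service; 0 means the suffix was not in the returned range."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    fetcher = RecordingFetcher()
    for candidate in ("password", "xK9#vQ2!unique-passphrase-7731"):
        print(candidate, "->", breach_count(candidate, fetcher))
    print("prefixes sent over the wire:", fetcher.requests)
```

To run it against the live service, replace `RecordingFetcher` with a function that fetches `https://api.pwnedpasswords.com/range/` followed by the prefix and returns the response text; the rest of the code, and the guarantee that only the prefix is transmitted, stays the same.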
Security experts say they are skeptical that a group of hackers called Turkish Crime Family actually possesses a cache of hundreds of millions of Apple iCloud account credentials. A more plausible explanation, they say, is that crooks used credential stuffing attacks to amass a limited number of valid Apple usernames and passwords in an attempt to extort money from Apple. Earlier this week, the group identifying itself as the Turkish Crime Family claimed to have a database of 750 million iCloud.com, me.com and mac.com email addresses and credentials. “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” Apple said in a statement. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.” Hackers behind the claim are demanding Apple pay them $75,000 in cryptocurrency or give them $100,000 in iTunes vouchers, according to reports. If demands are not met by April 7, the group said it will begin deleting data stored on iCloud accounts en masse. An independent analysis of 54 samples of the breached account data provided to ZDNet by the hackers found them to be valid. However, security experts such as Troy Hunt, who runs the data breach repository HaveIBeenPwned.com, still aren’t convinced. Hunt told Threatpost he suspects the hack is a hoax, admitting he has not seen any samples of the breached data. “It’s entirely possible whoever is behind this could have username and password pairs that work on a limited number of Apple accounts in just the same way as re-used credentials will work across all sorts of other accounts,” Hunt said. He said the Turkish Crime Family likely has a far smaller pool of valid Apple credentials than it claims.
Shuman Ghosemajumder, CTO of the firm Shape Security, told Threatpost he suspects the hackers may have used credential stuffing attacks, using data from previous breaches, to gain access to an undetermined number of iCloud accounts. Shape Security estimates that last year alone 3.3 billion credentials were exposed via breaches. Despite credential stuffing’s low success rate of 1 percent to 2 percent, Ghosemajumder said, when applied to a large enough cache of data (databases purchased on the dark web) the hackers may have enough information to successfully crack thousands of Apple accounts. “There are certainly enough credentials spilled onto the internet to think someone could use credential stuffing techniques to pull together a convincing number of valid accounts in attempt to extort Apple for ransom money,” Ghosemajumder said. Patrick Wardle, director of research at Synack, echoed the same credential theory, suggesting that breaches over the past year have given hackers ample opportunity to pull together some valid iCloud account credentials. Since approaching Apple earlier this month with its demands, the Turkish Crime Family has been inconsistent about how many account credentials it allegedly possesses. Speaking to various media outlets, the group has claimed anywhere from 200 million to as many as 750 million credentials. The hacking group said that its repository isn’t the result of one breach but of multiple breaches. On Thursday, the group claimed to have a database of 750 million credentials, 250 million of which are “checked and working,” according to the group. Meanwhile, Apple says it’s actively monitoring to prevent unauthorized access to user accounts and is working with law enforcement to identify the criminals behind the Turkish Crime Family extortion scheme.
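The defender's counterpart to the credential stuffing the experts describe, as an added example that is not part of the article or of any vendor's product: a detector that looks for the pattern Ghosemajumder gives (many different accounts tried from one source with a hit rate of only a few percent) in an authentication log. The log format, IP addresses and account names are constructed for the example, and the thresholds are assumptions to tune per environment. The two innocent cases that a naive "many failures from one IP" rule would misfire on, a single user mistyping a password and a shared office NAT address, are included so the distinct-account count and the hit rate can be seen doing their jobs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log line format (not a real Apple or iCloud log format):
#   2017-03-23T10:00:00Z ip=198.51.100.7 user=victim000@example.com result=FAIL
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) ip=(?P<ip>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """One auth event as a dict, or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    return ev


def detect_stuffing(lines, window=timedelta(minutes=10),
                    min_distinct_users=20, max_hit_rate=0.05):
    """Flag source IPs that, within one sliding window, try many *different*
    accounts with a tiny success rate. A user fumbling one password (one
    account) and an office NAT (many accounts, mostly successes) stay unflagged."""
    by_ip = defaultdict(list)
    for ev in filter(None, map(parse_line, lines)):
        by_ip[ev["ip"]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            while ev["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            hits = sum(e["result"] == "OK" for e in win)
            if len(users) >= min_distinct_users and hits / len(win) <= max_hit_rate:
                # keep the widest qualifying window seen for this source
                if ip not in flagged or len(win) > flagged[ip]["attempts"]:
                    flagged[ip] = {
                        "attempts": len(win), "distinct_users": len(users), "hits": hits,
                        "hit_users": sorted(e["user"] for e in win if e["result"] == "OK"),
                    }
    return flagged


def accounts_to_reset(lines, **kw):
    """Accounts that were logged into successfully from a flagged source: the
    reused credentials that actually worked, which are the ones to force-reset."""
    flagged = detect_stuffing(lines, **kw)
    return {u for info in flagged.values() for u in info["hit_users"]}


def build_sample_log():
    """Constructed sample: one stuffing source with a 2% hit rate, one legitimate
    user who mistypes a password, and one shared NAT address."""
    base = datetime(2017, 3, 23, 10, 0, 0)
    lines = []
    for i in range(100):  # 100 different accounts from one IP, 3 s apart, 2 succeed
        result = "OK" if i in (41, 86) else "FAIL"
        lines.append(f"{(base + timedelta(seconds=3 * i)).strftime(TS_FMT)} "
                     f"ip=198.51.100.7 user=victim{i:03d}@example.com result={result}")
    for i, result in enumerate(["FAIL", "FAIL", "FAIL", "OK"]):  # one user, three typos
        lines.append(f"{(base + timedelta(minutes=1, seconds=20 * i)).strftime(TS_FMT)} "
                     f"ip=192.0.2.10 user=alice@example.com result={result}")
    for i in range(30):  # office NAT: many accounts, all successful logins
        lines.append(f"{(base + timedelta(minutes=2, seconds=5 * i)).strftime(TS_FMT)} "
                     f"ip=203.0.113.9 user=staff{i:02d}@example.com result=OK")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print(detect_stuffing(log))
    print("force reset:", sorted(accounts_to_reset(log)))
```

In a real deployment the per-source view is the weaker half: a stuffing run spread over a botnet keeps every IP under `min_distinct_users`, so the same ratio (distinct accounts attempted against successes) should also be watched in aggregate per time window.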
The group of hackers that leaked the upcoming fifth season of “Orange Is the New Black” this weekend may have also secured access to some three dozen other shows and movies. TheDarkOverlord, as the group calls itself, provided cybersecurity blog DataBreaches.net with a long list of movies and TV shows it claimed to have stolen from Larson Studios, a Hollywood-based audio post-production company. In addition to “Orange Is the New Black,” it also lists a number of high-profile shows from the big broadcast networks, including ABC’s “The Catch,” NBC’s “Celebrity Apprentice,” CBS’ “NCIS Los Angeles,” and Fox’s “New Girl.” Other shows included are IFC’s “Portlandia,” FX’s “It’s Always Sunny in Philadelphia,” “Breakthrough” from NatGeo, E!’s “The Arrangement,” “Bunk’d” from the Disney Channel, and Netflix’s “Bill Nye Saves the World.” The list also makes mention of a few movies, including the Netflix original “Win It All,” the Lifetime TV movie “A Midsummers Nightmare,” and a YouTube Red Liza Koshy special. It’s worth noting that this list is by no means confirmed. ABC, NBC, Fox, FX, IFC, and NatGeo all declined to comment when contacted by Variety. CBS and E! did not respond. Netflix acknowledged the breach in a statement earlier this weekend, saying: “We are aware of the situation. A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved.” The company hasn’t commented on details of the leak. TheDarkOverlord suggested on Twitter earlier this weekend that it might be trying to extort Fox, IFC, Nat Geo, and ABC next, but it is unknown whether they may be in the process of trying to extort other studios and networks.
The hackers had previously and unsuccessfully tried to solicit extortion money from Larson Studios as well as Netflix to not release “Orange Is the New Black,” and may have used the release of the entire season this weekend as a way to pressure others to pay up.
FireEye has identified a set of financially motivated intrusion operations being carried out by a threat actor we have dubbed FIN10. FIN10 is known for compromising networks, stealing sensitive data, and directly engaging victim executives and board members in an attempt to extort them into paying between 100 and 500 bitcoins (valued at between $125,000 and $620,000 as of mid April 2017). For some victims that did not give in to the demand, FIN10 escalated their operation and destroyed critical production systems and leaked stolen data to journalists in an attempt to increase visibility of the compromise and coerce victims into paying up. The first known FIN10 operation was in 2013 and their operations have continued until at least 2016. To date, we are primarily aware of Canadian victims – specifically casinos and mining organizations. Given the release of sensitive victim data, extortion, and destruction of systems, FireEye considers FIN10 to be one of the most disruptive threat actors observed in the region so far.