online after Disney refused to meet hackers' demands. On 17 May, Softpedia's Gabriela Vatu reported that two copies of Pirates of the Caribbean: Dead Men Tell No Tales had appeared on the popular (and somewhat appropriate) BitTorrent site The Pirate Bay. "According to the information unearthed thus far, the hackers managed to get access to the systems of Larson Studios in Hollywood, a company that handles additional dialogue recorded for movies. It seems that the copies they've managed to get their hands on are in various stages of production and not exactly what you'd expect from a full cinema-ready release."
News of the extortion attempt first appeared in The Hollywood Reporter on 15 May when Bob Iger, CEO at Walt Disney, revealed the hackers had demanded that Disney pay a "huge sum" in Bitcoins to prevent them from leaking a then-undisclosed movie online. At the time, the attackers said they would release the film incrementally to netizens, first publishing clips lasting only a few minutes and slowly building up to 20-minute segments. Iger said Disney decided to not pay the attackers and was working with federal law enforcement to investigate the theft of one of its productions.
It's unclear who exactly perpetrated the leak - if indeed the files really are of the movie. Even so, a potential candidate is The Dark Overlord, a group of hackers who released the fifth season of Orange Is the New Black after Netflix refused to meet its ransom demands back in April 2017. Around that time, the hacking gang, which has also extorted non-film entities in the past, tweeted out that it had stolen content from a number of other media companies. It did not name Walt Disney by name, though it did point to FOX, ABC, and others.
Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we're all going to have. We're not playing any games anymore.
While Disney and Netflix continue to work with the FBI in tracking down The Dark Overlord, someone has already removed the two copies of what was claimed to be the Pirates of the Caribbean film from The Pirate Bay. The hackers could release the movies again. Or they might be focusing on their next target.
While movie-goers might celebrate a leak of the movie, media companies like Walt Disney don't want viewers gaining early access to their content. That's why organizations should take the opportunity to conduct some security awareness training with their employees. This effort should include phishing simulations and reviewing the security readiness of companies along their supply chains.
Article updated 19 May 2017. None of the files made available as downloadable torrents have been confirmed to contain footage of the movie. For more discussion on the issue, make sure to listen to this recent episode of the "Smashing Security" podcast.
No one likes to have their company hacked. No one is going to be happy if hackers manage to break into systems and steal away their intellectual property. In the case of companies like Disney, having a $230 million blockbuster like the latest Pirates of the Caribbean movie stolen could prove to be very costly if hackers follow through with their threats to seed their pirated copy of the film on torrent sites, disrupting its official release. But imagine how much more galling it would be to give in to the hackers’ blackmail threats and pay a ransom for the movie not to be leaked online, only to discover later that the extortionists never had a copy of the film in the first place?
Earlier this month it was widely reported that Walt Disney’s CEO Bob Iger had been contacted by hackers who were threatening to release one of the studio’s movies onto the internet unless a ransom was paid. Iger didn’t say what movie the hackers claimed to have stolen, but it was widely thought to be the soon to be released “Pirates of the Caribbean: Dead Men Tell No Tales.” That theory of the hacked movie’s identity certainly gained more momentum when it was reported that torrents had been spotted on Pirate Bay claiming to be the blockbuster starring Johnny Depp, Javier Bardem and Geoffrey Rush. However, none of those downloadable torrents were confirmed to contain the “Pirates of the Caribbean” movie.
And in a video interview with Yahoo Finance, Disney’s CEO debunked claims that a movie had ever been stolen: “To our knowledge we were not hacked. We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required. We don’t believe that it was real and nothing has happened.”
In short, Disney says that it was not accurate that a movie was ever stolen, and it refused to pay the ransom demand to the extortionists. And that, in itself, may be a lesson for other companies to keep a cool head when they receive an extortion demand claiming that intellectual property or sensitive data has been stolen by hackers.
Obviously all threats should be taken seriously, and you should explore appropriately whether it is possible a security breach has genuinely occurred, review the security of your systems, and inform law enforcement agencies as appropriate. But don’t be too quick to pay the criminals who are making threats against you. If you can, seek evidence that the hackers have what they claim to have, rather than reaching first for your wallets. It’s perfectly possible that some extortionists are simply jumping on the bandwagon of high profile hacks in an attempt to trick you into believing your company is the latest victim. Keep a cool head when your company receives a threat, or else you might find yourself in deep water, swimming with the hungry fishes.
The hacker group known as The Dark Overlord (TDO) leaked today the first eight episodes of an upcoming TV game show, set to premiere on ABC on Sunday, June 11. The show's name is Steve Harvey's Funderdome, a seed-funding competition reality series where two budding entrepreneurs go head-to-head to win over a live studio audience to fund their ideas, products or companies. According to ABC, the first season of Funderdome will have 13 episodes. The first eight of these episodes are now available on The Pirate Bay.
At the end of April, the same hacker group leaked the first ten episodes of season 5 of Netflix's "Orange Is The New Black" series. When they leaked the Netflix show, the hackers said they were also in possession of content from other networks. They named FOX, IFC, NAT GEO, and ABC. In an interview, TDO said they got their hands on the content after they found an unprotected online database belonging to Larson Studios, Inc., an audio post-production company that works with many US television channels and Hollywood movie studios. The hackers weren't able to extract a payment from either Larson Studios or Netflix.
Last Friday, on June 2, the hackers teased that an ABC leak was coming, when they tweeted: "American Broadcasting Company may be up next, ladies and gentlemen." Early Monday morning (European timezones), the hackers made good on their promise when they tweeted out the following statement in a Pastebin post. Moments later, they tweeted a link to The Pirate Bay page where users could download the episodes. At the time of writing, only three people are attempting to download the episodes. The lack of interest is justified by this being a new game show, rather than an established brand.
I think it's better to censor links and infohashes of the torrent... this website may get sued for promoting piracy. People who need 'em will go to pirate bay anyway, no need to link it here
Surprised anyone would risk jail to steal something as stupid as "Funderdome." Could these leaks actually be promotional since the show is a boring "been done before" affair that no one would get excited over? It's been proven top torrents get top dollar billing too.
The hacker probably didn't care about the show... he cared about the money. I think ABC paid ransom for other shows which might have been stolen by this hacker but decided to not pay for this one...
A group of financially motivated hackers is targeting networks and systems of North American companies, threatening to leak the stolen information and cripple the company by disrupting their networks if they don’t pay a hefty ransom.
The group, dubbed FIN10 by FireEye researchers, first gets access to the target companies’ systems through spear-phishing (and possibly other means), then uses publicly available software, scripts and techniques to gain a foothold into victims’ networks. They use Meterpreter or the SplinterRAT to establish the initial foothold within victim environments (and later a permanent backdoor), then custom PowerShell-based utilities, the pen-testing tool PowerShell Empire, and scheduled tasks to achieve persistence. “We have also observed FIN10 using PowerShell to load Metasploit Meterpreter stagers into memory,” the researchers noted.
The group leverages Windows Remote Desktop Protocol (RDP) and single-factor protected VPN to access various systems within the environment. Finally, they deploy destructive batch scripts intended to delete critical system files and shut down network systems, in order to disrupt the normal operations of those systems.
“In all but one targeted intrusion we have attributed to FIN10, the attacker(s) demanded a variable sum payable in Bitcoin for the non-release of sensitive data obtained during network reconnaissance stages,” the researchers say. The requested sum varies between 100 and 500 Bitcoin. If the ransom isn’t paid, they publish the stolen data on Pastebin-type sites. The researchers do not mention if any of the companies refused to pay and ended up having their systems and networks disrupted.
For the time being, the group seems to have concentrated on hitting companies in North America, predominately in Canada. They’ve also concentrated on two types of businesses: mining companies and casinos. Still, it’s possible that they’ve targeted companies in other industries, or will do so in the future.
FIN10 sends the extortion emails to staff and board members of the victim organizations, and is also known to contact bloggers and local journalists to inform them about the breach, likely in an attempt to pressure affected organizations into paying the ransom.
Finally, even though they sign their emails with monikers used by Russian and Serbian hackers (“Angels_Of_Truth,” “Tesla Team,” “Anonymous Threat Agent”), the quality of the group’s English, the low quality of their Russian, and inconsistencies in tradecraft all point away from these particular individuals or groups. “Emphasis in regional targeting of North American-based organizations could possibly suggest the attacker(s) familiarity with the region,” the researchers noted. They also point out that the “relative degree of operational success enjoyed by FIN10 makes it highly probable the group will continue to conduct similar extortion-based campaigns at least in the near term.”
Companies that have received a similar ransom demand are advised to move fast to confirm that the breach has actually happened, to determine the scope of the breach, to contain the attack, to boot the attackers from their networks, and make sure they can’t come back. Those last two steps are, perhaps, better done after the company definitely decides that they are ready to deal with the consequences of the attackers’ anger. Calling in law enforcement and legal counsel for advice on what to do is also a good idea.
“Understand that paying the ransom may be the right option, but there are no guarantees the attacker(s) won’t come back for more money or simply leak the data anyway. Include experts in the decision-making process and understand the risks associated with all options,” the researchers advise.
Companies that have yet to be targeted by these or other hackers would do well to improve their security posture, but also to prepare for data breaches by tightening access to their backup environment, and knowing exactly who will be called in to help in case of a breach.
Remember when all you had to worry about with your car was getting an oil change every 3,000 miles? Today’s connected cars are miles ahead technologically speaking of those “dumb” vehicles, but drivers could see a bumpy ride if thieves get a hold of the data the car possesses.
The Internet of Things (IoT) has created an entirely new market in the automotive industry with connected car services that are driving new recurring revenue growth and transforming the industry. And that trajectory is expected to continue, growing from $13.6 to top $42 billion by 2022.
Vehicles contain critical personal information such as personal contacts, registration and insurance details, financial information and even the address to the owner's home – making entry, theft and further damage even more of a possibility. Vehicles have become an extension of one’s connected self and the technology associated with them offers substantial benefits. With the emergence of sophisticated technology, the nature of vehicle theft has changed. A major adversary of today’s vehicle owner is a smarter, connected and more targeted network of criminals, known as ‘Connected Vehicle Thieves’. LoJack, provider of vehicle theft recovery and advanced fleet management solutions, shows how these New Age thieves can take advantage of the technology in vehicles.
Vehicle-enabled ransom: One growing and increasingly lucrative type of cybercrime is the use of ransomware, where inserted malware encrypts digital data and instructs a victim to pay the criminal a ransom to restore the decrypted information. With the emergence of the connected car and vehicles being used as WiFi hot spots, vehicle-enabled ransomware is a predictable next step for hackers, exploiting this new avenue to commit digital “kidnapping”. For example, in the near future, they could easily break into a vehicle, disable the engine and brakes, and demand bitcoin to restore the car to its functional state.
Scanner boxes as smart keys: Thieves have begun carrying scanner boxes, or devices that can exploit the electronic system utilized by key fobs. These criminals can then unlock, and even start, a vehicle without even touching the key, once the key comes in close enough range to the scanner box and is compromised.
Data leading to identity theft: These days, connected cars carry more information and personal data than ever before, making identity theft a more serious threat. Thieves are targeting your vehicle, but also the data within it, which could lead to credit card details, location information, Social Security numbers, and personal IDs like drivers’ licenses. Once this information is obtained, it’s possible for a hacker to access any of your online accounts.
As one victim discovered this Christmas, figuring out how to clean such an infection can be quite difficult.
Ransomware for Android phones has already been around for several years and security experts have warned in the past that it's only a matter of time until such malicious programs start affecting smart TVs, especially since some of them also run Android. In November 2015, a Symantec researcher named Candid Wueest even went as far as to infect his own TV with an Android ransomware application to highlight the threat. While that infection was just a demonstration, this Christmas, the owner of an LG Electronics TV experienced the real deal.
Kansas-based software developer Darren Cauthon reported on Twitter on Dec. 25 that a family member accidentally infected his Android-based TV with ransomware after downloading a movie-watching app. The picture shared by Cauthon showed the TV screen with an FBI-themed ransom message.
On Android the majority of ransomware applications are so-called screen lockers. They work by displaying persistent messages on the phone's screen and preventing users from performing any other actions on their devices. The messages usually impersonate some law enforcement authority and ask victims to pay fictitious fines to regain control.
Cauthon, who was the previous owner of the three-year-old TV, tried to help the new owner restore the device to its default factory settings, but didn't succeed even after receiving many suggestions and advice from other Twitter users. According to the software developer, when he first contacted LG's tech support, he was told that a technician would have to come over and take a look for a fee of around $340. The ransom amount itself was $500 although even paying that would have been difficult because there was no way to click on the payment section to find the instructions on how to do so. The only thing that worked was just moving a mouse-like pointer on a portion of the TV screen via an accompanying smart remote.
Eventually LG provided Cauthon with a solution that involved pressing and releasing two physical buttons on the TV in a particular order. This booted the TV, which runs the now defunct Android-based Google TV platform, into a recovery mode. The Android recovery mode allows wiping the data partition, which deletes all user settings, apps and data and is the equivalent of a factory reset. While this sounds straightforward, Cauthon's experience suggests that many users would have difficulty figuring it out on their own and would probably be forced to pay for technical assistance.
If recovering from smart TV ransomware infections can be hard, imagine what users would have to deal with if these programs start infecting other internet-of-things devices, as some security experts predict. In this case, the victim was lucky because the ransomware app was only a screen locker and not a program that encrypts files. Smart TVs have USB ports and allow connecting external hard disk drives in order to watch personal videos or photo collections -- the type of files that are valuable to users, especially if they're not backed up.
Discovered at the start of the year, Spora distinguishes itself from similar threats by a few features, such as the option to work offline, and a ransom payment portal that uses "credits" to manage Bitcoin fees. Another of those unique features is a real-time chat window where victims can get in contact with ransomware operators.
By tweaking the ransomware infection ID, security researchers can access the ransom payment page of different Spora victims. This has allowed researchers to keep track of conversations between victims and Spora operators.
As stated in our original article about Spora, the criminals behind this ransomware operation consider themselves "professionals" and appear to have considerable experience in running ransomware campaigns. The thing that stood out for us in the beginning, and is still valid even today, is that the Spora gang pays a lot of attention to customer support. They provide help in both English and Russian and are very attentive not to escalate conversations with angry victims, always providing appropriate and timely responses to any inquiries.
Security researcher MalwareHunter has spotted a few interesting conversations in the Spora ransom payment portal in the past few days. First and foremost, Spora authors have been very lenient to victims that couldn't pay the ransom, often offering to extend or even disable the payment deadline altogether. Second, Spora authors had been offering discounts, free decryptions of important files and deadline extensions for people who were willing to leave a review of their support service on the Bleeping Computer Spora ransomware thread. At the time of writing, we haven't observed any users taking them up on this offer and posting such reviews on our forum.
The reason why the Spora crew asks customers for reviews is so other victims can read about their story and feel confident that if they pay, they'll receive their files back. This is a smart marketing move, since it builds trust in their service. Many times, other ransomware authors don't always provide a way for victims to recover files, and more and more people now know there's a high chance that paying the ransom won't always recover their files. MalwareHunter cites one case where the Spora gang has offered a 10% discount to a company that suffered Spora infections on more than 200 devices.
The ransomware was delivered via a phishing attack and malicious attachments that locked them out of all their systems. The Lansing Board of Water & Light chose to pay $25,000 in bitcoin because it was cheaper than replacing all the infected computers and software, which would have cost up to $10 million. As it is, the incident cost them $2.5 million to wipe the infected computers and beef up their security controls, much of which was covered by insurance.
This Monday, Bleeping Computer broke the news that a hacker/group identified as Harak1r1 was taking over MongoDB databases left connected to the Internet without a password on the admin account. The group was exporting the database's content and replacing all tables with one named WARNING, that contained a ransom note, asking the owners of the hacked database to pay 0.2 Bitcoin (~$200) into a Bitcoin wallet.
At the time of our article, Harak1r1 had hijacked just over 1,800 MongoDB databases, and 11 victims have paid the ransom in order to recover their files. As time went by, Harak1r1 hijacked more databases, reaching at one point over 3,500 MongoDB instances, and currently peaking at over 8,500. Among them, the hacker(s) had even managed to make a high-profile victim, in Emory Healthcare, a US-based healthcare organization. According to the MacKeeper Security Research Team, Harak1r1 had ransacked and blocked Emory's access to more than 200,000 medical records.
Attacks from Harak1r1 went on for two more days, but as worldwide infosec media started covering the topic, two copycats appeared and started doing the same. The second group goes by the name of 0wn3d, and they work by replacing the hijacked database tables with a table named WARNING_ALERT. According to Victor Gevers, the researcher who initially discovered the first hacked MongoDBs around Christmas, this second group has hijacked just over 930 databases. Unlike Harak1r1, this second group is a little bit more greedy and asks for 0.5 Bitcoin, which is around $500, but this hasn't stopped companies from paying, with 0wn3d's Bitcoin wallet showing that at least three victims had paid his ransom demands.
A day later, the same Gevers came across a third actor, using the name 0704341626asdf, which appears to have hit over 740 MongoDB servers. This hacker/group is asking for 0.15 Bitcoin (~$150), and he's using a lengthier ransom note, in which he admonishes victims for leaving their DB open over the Internet. Furthermore, this threat actor appears to be more strict with victims and gives database owners 72 hours to pay the ransom.
According to Gevers, the lines that allowed him to track the activity of these three groups are slowly blurring, as these groups started using more varied messages and different Bitcoin addresses. Additionally, in newer variations of these attacks, the hackers don't appear to bother copying the hacked database. In recent attacks, Gevers says that crooks just delete the DB's content, ask for a ransom regardless, and hope nobody checks the logs and discovers what they've done. There is no evidence that they actually copied your database.
According to Gevers, these groups are now fighting over the same turf, with many of them rewriting each other's ransom notes. This leads to cases where database owners pay the ransom to the wrong group, who can't give their content back. "It's catching on and it looks more players are coming to the game.