Showing results for tags 'extortion'.
mood posted a topic in Security & Privacy News

European e-ticketing platform Ticketcounter extorted in data breach

A Dutch e-Ticketing platform has suffered a data breach after a database was stolen from an unsecured staging server.

Ticketcounter is a Dutch e-Ticketing platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue.

On February 21st, a threat actor created a topic on a hacker forum to sell the stolen Ticketcounter database but quickly took the post down. It was believed at first to be removed out of concern for the watchful eyes of the Netherlands Police. However, the threat actor told BleepingComputer that they have no fear of law enforcement, and they removed it as the database was sold privately.

From the samples of the database seen by BleepingComputer, the data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords.

[Image: Redacted sample of data exposed in data breach]

Ticketcounter confirms breach

Ticketcounter has confirmed the data breach to both BleepingComputer and Troy Hunt of HaveIBeenPwned, who spoke to the company's owner after receiving the database.

In what should be a model of transparency, Ticketcounter CEO Sjoerd Bakker has told BleepingComputer that they copied a database to a Microsoft Azure server to test an 'anonymization process' that replaces personal data with fake data. Unfortunately, after copying the database, it was not secured properly, and the threat actor was able to download it.

Bakker stated that shortly after the threat actor was selling the database, the hacker also contacted Ticketcounter and demanded seven bitcoins, or approximately $337,000, not to leak the data. The threat actor warned that if Ticketcounter did not make a payment, they would contact all of Ticketcounter's partners to alert them of the breach.

Ticketcounter was one step ahead and had already contacted all of their clients and shared what information has been stolen. As the actual ticket buyers are Ticketcounter's clients' customers, the individual venues have been advised to perform their own data breach notifications to those affected.

Bakker told BleepingComputer that Ticketcounter is creating various resources for his clients to facilitate these data breach notifications. These include lookup widgets, FAQs, and email templates that clients can share with customers to learn about the breach.

After not receiving a payment, the threat actor released the database for free today on a hacker forum.

Database leaked for free

The stolen database has been provided to HaveIBeenPwned's Troy Hunt by the threat actor and added to the data breach lookup service. For those who are concerned they may have been affected, you can submit your email to HaveIBeenPwned to see if it was included in the leaked data.

What should you do if affected by the breach?

If HaveIBeenPwned states that you were affected by this data breach, it becomes a bit difficult to determine which specific venue/site you have an account. As those affected are not customers of Ticketcounter directly, most users will have to wait until the particular venue discloses the data breach.

While you wait, we recommend changing your passwords at sites where you use the same password. When changing your passwords, you should use a unique password so that a breach at one site does not affect you at other sites. BleepingComputer suggests using a password manager to keep track of all your passwords to help you with this.

As the database has been released for free, those affected should also be careful of phishing emails that attempt to steal more sensitive information.

Source: European e-ticketing platform Ticketcounter extorted in data breach

zanderthunder posted a topic in Security & Privacy News

[Image: The suspect, only identified by the initials B.B.A., second from left, is presented at a press conference at the headquarters of the National Police in South Jakarta on Friday. (Antara Photo/Reno Esnir)]

Police arrested a 21-year-old man in Sleman, Yogyakarta, on Friday for allegedly using malicious software to extort victims and steal financial data for personal gain.

Yogyakarta Police spokesman Senior Comr. Yuliyanto said the suspect, only identified by the initials B.B.A., sent phishing emails to at least 500 randomly selected addresses to spread ransomware, or software designed to block access to computer systems until a ransom is paid.

The suspect had reportedly been acting alone since 2014 and collected 300 Bitcoins, or equivalent to around Rp 31.5 billion ($2.25 million), Yuliyanto said. He said the investigation started after a tipoff that the suspect had hacked the computer system of a company based in San Antonio, Texas. The suspect allegedly also stole credit card data from internet users for personal gain.

The National Police's cybercrime unit is investigating the case. Yuliyanto said the Yogyakarta Police are assisting in the investigation and will forward evidence to the National Police headquarters in Jakarta. "The evidence includes a Harley Davidson motorcycle and several computers. We will send these [to Jakarta]," he said.

The suspect has been in custody in Jakarta since his arrest. The suspect lived in a boarding house in Sleman for the past two years, Yuliyanto said, without providing further detail.

Senior Comr. Rickynaldo Chairul, head of the police's cybercrime investigation unit, said separately in Jakarta that the suspect had sent emails containing hyperlinks that directed unsuspecting recipients to his webmail server, which would then install ransomware on recipients' computer systems and prevent them from accessing their data.

In the case involving the US company, the suspect threatened to delete its data if it failed to pay the ransom within three days. "The suspect demanded the ransom be paid in Bitcoin before restoring access to the victim's mail server," Rickynaldo said.

The suspect reportedly used the email address, [email protected], in his communications with victims. He faces up to six years in prison under the Electronic Information and Transactions Law.

Source: Police Arrest Yogyakarta Man Who Used Ransomware Attacks to Amass 300 Bitcoins (via Jakarta Globe)

p/s: For those who can understand Indonesian language, there's a news reporting on that. https://cyberthreat.id/read/3532/Pertama-Kali-dalam-Sejarah-Polri-Tangkap-Hacker-Ransomware

Pay Up, Or We’ll Make Google Ban Your Ads

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

[Image: A redacted extortion email targeting users of Google’s AdSense program.]

Earlier this month, KrebsOnSecurity heard from a reader who maintains several sites that receive a fair amount of traffic. The message this reader shared began by quoting from an automated email Google’s systems might send if they detect your site is seeking to benefit from automated clicks. The message continues:

“Very soon the warning notice from above will appear at the dashboard of your AdSense account undoubtedly! This will happen due to the fact that we’re about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher. More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site.”

The message goes on to warn that while the targeted site’s ad revenue will be briefly increased, “AdSense traffic assessment algorithms will detect very fast such a web traffic pattern as fraudulent.”

“Next an ad serving limit will be placed on your publisher account and all the revenue will be refunded to advertisers. This means that the main source of profit for your site will be temporarily suspended. It will take some time, usually a month, for the AdSense to lift your ad ban, but if this happens we will have all the resources needed to flood your site again with bad quality web traffic which will lead to second AdSense ban that could be permanent!”

The message demands $5,000 worth of bitcoin to forestall the attack. In this scam, the extortionists are likely betting that some publishers may see paying up as a cheaper alternative to having their main source of advertising revenue evaporate.

The reader who shared this email said while he considered the message likely to be a baseless threat, a review of his recent AdSense traffic statistics showed that detections in his “AdSense invalid traffic report” from the past month had increased substantially.

The reader, who asked not to be identified in this story, also pointed to articles about a recent AdSense crackdown in which Google announced it was enhancing its defenses by improving the systems that identify potentially invalid traffic or high risk activities before ads are served. Google defines invalid traffic as “clicks or impressions generated by publishers clicking their own live ads,” as well as “automated clicking tools or traffic sources.”

“Pretty concerning, though it seems this group is only saying they’re planning their attack,” the reader wrote.

Google declined to discuss this reader’s account, saying its contracts prevent the company from commenting publicly on a specific partner’s status or enforcement actions. But in a statement shared with KrebsOnSecurity, the company said the message appears to be a classic threat of sabotage, wherein an actor attempts to trigger an enforcement action against a publisher by sending invalid traffic to their inventory.

“We hear a lot about the potential for sabotage, it’s extremely rare in practice, and we have built some safeguards in place to prevent sabotage from succeeding,” the statement explained. “For example, we have detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems.”

Google said it has extensive tools and processes to protect against invalid traffic across its products, and that most invalid traffic is filtered from its systems before advertisers and publishers are ever impacted.

“We have a help center on our website with tips for AdSense publishers on sabotage,” the statement continues. “There’s also a form we provide for publishers to contact us if they believe they are the victims of sabotage. We encourage publishers to disengage from any communication or further action with parties that signal that they will drive invalid traffic to their web properties. If there are concerns about invalid traffic, they should communicate that to us, and our Ad Traffic Quality team will monitor and evaluate their accounts as needed.”

Source: Pay Up, Or We’ll Make Google Ban Your Ads (KrebsOnSecurity - Brian Krebs)