New Breed of Ransomware Threatens to Expose Victoria’s Secrets

Published at: May 5, 2020

A series of ransomware attacks over the past week affected medical care, hundreds of thousands of parcel deliveries during the pandemic — and even a lingerie manufacturer. Attackers are threatening to leak sensitive data if companies fail to make the required payments.

ITNews reported that the Australian logistics giant Toll Group suffered its second ransomware attack so far this year, with a type of ransomware known as “Nefilim.”

Toll Group had shut down its IT system after detecting “unusual activities.” The company — responsible for delivering many hundreds of thousands of parcels per day — confirmed that the Nefilim ransomware attack was unrelated to the one experienced earlier this year.

Toll Group is taking a hard line, assuring the media it wouldn’t pay the ransom, as with the first attack suffered in early 2020. It’s moving to manual processes to get the system moving again.

Threat to expose ‘secret’ information 

Sky News reported that MAS Holdings, the Sri Lanka-based lingerie maker for Beyonce and Victoria’s Secret, was also attacked, with the latest information indicating that the attempted extortion also comes from Nefilim.

The criminal group claims to have stolen 300GB of private files and posted some of the allegedly stolen documents online as evidence.

Sky News reported the hackers could potentially seek to exploit the breach to target the company's commercial partners. MAS Holdings declined to comment on whether it had alerted its partners or if any of their data had been affected. In an email the company said:

"MAS is constantly reviewing its security posture and threat actors do attempt to penetrate our network at times. We also adopt best practices in line with industry standards in managing such threats."

And on April 29, Cointelegraph reported a ransomware attack on the Parkview Medical Center in Colorado, which rendered inoperable the technical infrastructure that kept patient information.

Growing trend for ransomware

Speaking with Cointelegraph, Brett Callow, threat analyst at Emsisoft, gave additional details regarding the attack:

“Exfiltrating data provides the cybercrime groups with additional leverage to extort payment and also provides them with additional monetization options. Should the company not pay, the stolen data can be sold, traded, or used for spear phishing attacks on other organizations. In fact, the actors may do that whether or not the company pays.”

According to Callow, the analysis revealed that there is clear evidence that data stolen in these attacks has been sold to the targeted company’s competitors, sold and traded on the dark web, used to spear-phish, and used for identity theft.

Cybercriminals leaked data as evidence of the attack

Cybercriminals claimed that they obtained 300 GB of private files from MAS Holdings, and as evidence, they had already published some stolen documents online.

Callow believes that this type of ransomware represents a “growing trend” within the cybercrime world:

“The first group to steal and publish data was Maze at the end of last year. Since then, multiple other groups have adopted the same strategy, so it’s a strategy which obviously works. In one case, the Maze group asked for $2 million: $1 million to decrypt the data plus an additional $1 million to destroy the stolen copy. The amount of the demand will vary from victim to victim, and from case to case.”

However, Emsisoft revealed a considerable decline in successful ransomware attacks, at least in the United States, during Q1 2020.
