June has been quite the month for news of cyber extortion, ransomware, and hacking hostage taking. As cyber crooks look to new and ingenious ways to make a buck off their trade, they're increasingly holding the sword of Damocles over the heads of businesses and government agencies alike. They're doing so by stealing data and threatening public exposure, starting disruptive attacks and promising respite for a price, and encrypting data to hold it hostage until bribes are paid up.
Here are a few of the incidents that have come to light in the past few weeks.
1. Code Spaces
What happened: The code hosting company Code Spaces was put in an untenable position last week. It was hit by a DDoS attack and then extorted by a hacker who had gained control of the firm's Amazon EC2 control panel and hoped to get paid by the firm in exchange for returning control to its operations.
Fallout: Code Spaces did not play ball with the extortionists. Instead, it scurried to take back its account by changing passwords. It was thwarted by the criminal, who had created backup logins to the panel and started randomly deleting files once he saw what the company was doing. In the end, the company claimed that "most of our data, backups, machine configurations and offsite backups were either partially or completely deleted." The situation led the company to shut its doors.
What happened: Cyber extortion may be a growing favorite among cyber criminals, but it isn't a new trick. In fact, news broke last week about a blackmail case dating back to 2007 that had Nokia pay millions of euros in extortion money. The Finnish phone manufacturer was being held hostage by a hacker who managed to steal an encryption key used in its prevalent Symbian operating system. The attacker threatened to make the key public if Nokia didn't meet payment demands, putting Symbian at risk of other criminals using the key to upload legitimate-looking but malicious apps to phones worldwide.
Fallout: The company did contact Finland's National Bureau of Investigation, but it still got financially soaked by a botched payoff. In a twist of events that could make a good television episode, Nokia left millions of euros in a parking lot with the hope that authorities could trace the perpetrator during the pickup. But the criminal managed to snag the cash and get away without a trace, leaving the case cold years later.
What happened: The RSS feed service provider Feedly experienced widespread outages this month due to DDoS attacks that were followed up by blackmail attempts by the perpetrators, who promised to ease up if the firm paid a ransom. Feedly publicly spurned the bribe attempt and reported that it was working with other firms suffering from attacks from the same group, along with the authorities, to bring the perpetrators to justice.
Fallout: The company worked furiously with its content network provider to restore service as quickly as possible. In this particular instance, the company was able to thumb its nose at the bad guy and was up and running in a couple of hours. "We refused to give in and are working with our network providers to mitigate the attack as best as we can," Feedly CEO Edwin Khodabakchian told customers during the attack. "Please know that you data is safe and you will be able to re-access your feedly as soon as the attack is neutralized."
4. One More Cloud
What happened: Websolr and Bonsai, two search application infrastructure services provided by One More Cloud LLC, were hit late last week by a similar compromise as the one that shut down Code Spaces. The attacker compromised the services' AWS EC2 account and was looking to wreak havoc through that access.
Fallout: Unlike Code Spaces, Websolr and Bonsai were able to locate the compromised API access key quickly and revoke it immediately to prevent long-term compromise and keep a blackmailer from maintaining control over systems. As a result, One More Cloud was able to recover its data over the weekend and completely restore service.
What happened: This month, the hacking group Rex Mundi went on a public blitz, claiming it had managed to steal customer records for 650,000 European Domino's Pizza customers. The group said it stole the records from the pizza chain's website, which had used only an MD5 hash to encrypt the data. Rex Mundi threatened to release those records if the company didn't pay it a ransom of €30,000 ($40,800) by Monday of last week.
Fallout: Domino's refused to comply with the hostage demands. Instead, it told customers that the stolen data did not contain financial information -- only contact details, delivery instructions, and passwords. It advised customers to change their passwords. Interestingly, Rex Mundi never made good on its threat.
6. Durham Police Department
What happened: The police department of a small New Hampshire town was struck this month by Cryptowall
Fallout: Durham refused to cooperate with the Cryptowall criminals. Selig specifically stated that not only were crime records not affected by the attack, but the department had sufficient backups to restore what was lost due to the attack, even if recovery would take some time.