6 Recent Real-Life Cyber Extortion Scams

Companies have paid millions, shuttered their doors, and suffered downtime as malicious hackers ramp up blackmail efforts.

June has been quite the month for news of cyber extortion, ransomware, and digital hostage-taking. As cyber crooks look to new and ingenious ways to make a buck off their trade, they're increasingly holding the sword of Damocles over the heads of businesses and government agencies alike. They're doing so by stealing data and threatening public exposure, starting disruptive attacks and promising respite for a price, and encrypting data to hold it hostage until ransoms are paid.

Here are a few of the incidents that have come to light in the past few weeks.

1. Code Spaces
What happened: The code hosting company Code Spaces was put in an untenable position last week. It was hit by a DDoS attack and then extorted by a hacker who had gained control of the firm's Amazon EC2 control panel and hoped to get paid by the firm in exchange for returning control to its operations.

Fallout: Code Spaces did not play ball with the extortionists. Instead, it scurried to take back its account by changing passwords. It was thwarted by the criminal, who had created backup logins to the panel and started randomly deleting files once he saw what the company was doing. In the end, the company claimed that "most of our data, backups, machine configurations and offsite backups were either partially or completely deleted." The situation led the company to shut its doors.

2. Nokia
What happened: Cyber extortion may be a growing favorite among cyber criminals, but it isn't a new trick. In fact, news broke last week about a blackmail case dating back to 2007 that had Nokia pay millions of euros in extortion money. The Finnish phone manufacturer was being held hostage by a hacker who managed to steal an encryption key used in its prevalent Symbian operating system. The attacker threatened to make the key public if Nokia didn't meet payment demands, putting Symbian at risk of other criminals using the key to upload legitimate-looking but malicious apps to phones worldwide.

Fallout: The company did contact Finland's National Bureau of Investigation, but it still got financially soaked by a botched payoff. In a twist of events that could make a good television episode, Nokia left millions of euros in a parking lot with the hope that authorities could trace the perpetrator during the pickup. But the criminal managed to snag the cash and get away without a trace, leaving the case cold years later.

3. Feedly
What happened: The RSS feed service provider Feedly experienced widespread outages this month due to DDoS attacks that were followed up by blackmail attempts by the perpetrators, who promised to ease up if the firm paid a ransom. Feedly publicly spurned the bribe attempt and reported that it was working with other firms suffering from attacks from the same group, along with the authorities, to bring the perpetrators to justice.

Fallout: The company worked furiously with its content network provider to restore service as quickly as possible. In this particular instance, the company was able to thumb its nose at the bad guy and was up and running in a couple of hours. "We refused to give in and are working with our network providers to mitigate the attack as best as we can," Feedly CEO Edwin Khodabakchian told customers during the attack. "Please know that your data is safe and you will be able to re-access your feedly as soon as the attack is neutralized."

4. One More Cloud

What happened: Websolr and Bonsai, two search application infrastructure services provided by One More Cloud LLC, were hit late last week by a compromise similar to the one that shut down Code Spaces. The attacker compromised the services' AWS EC2 account and was looking to wreak havoc through that access.

Fallout: Unlike Code Spaces, Websolr and Bonsai were able to locate the compromised API access key quickly and revoke it immediately to prevent long-term compromise and keep a blackmailer from maintaining control over systems. As a result, One More Cloud was able to recover its data over the weekend and completely restore service.
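The Code Spaces and One More Cloud incidents turn on the same point: changing passwords does not evict an intruder who has added logins or keys of his own. As an added example (not from the article or either company), this Python code reads a constructed excerpt of an IAM credential report and lists every user and active access key created since an assumed incident start time, plus console users without MFA; the user names, account ID and timestamps are made up.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the columns found in an IAM credential report CSV.
# User names, account ID and timestamps are invented for illustration.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
ops-admin,arn:aws:iam::111122223333:user/ops-admin,2013-02-01T10:00:00+00:00,true,false,true,2013-02-01T10:05:00+00:00,true,2014-06-17T09:41:00+00:00
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2013-05-20T08:30:00+00:00,false,false,true,2013-05-20T08:31:00+00:00,false,N/A
backup-svc2,arn:aws:iam::111122223333:user/backup-svc2,2014-06-17T09:38:00+00:00,true,false,true,2014-06-17T09:39:00+00:00,false,N/A
"""

def parse_time(value):
    """Return an aware datetime, or None for placeholders such as N/A."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def credentials_added_since(report_csv, window_start):
    """Return (user, credential, timestamp) for each login or active key created in the window."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        created = parse_time(row["user_creation_time"])
        if created and created >= window_start:
            findings.append((row["user"], "user", created))
        for slot in ("1", "2"):
            rotated = parse_time(row[f"access_key_{slot}_last_rotated"])
            active = row[f"access_key_{slot}_active"] == "true"
            if active and rotated and rotated >= window_start:
                findings.append((row["user"], f"access_key_{slot}", rotated))
    return sorted(findings, key=lambda f: f[2])

def console_users_without_mfa(report_csv):
    """Return users who can sign in to the console with a password alone."""
    return [row["user"] for row in csv.DictReader(io.StringIO(report_csv))
            if row["password_enabled"] == "true" and row["mfa_active"] != "true"]

if __name__ == "__main__":
    start = datetime(2014, 6, 17, tzinfo=timezone.utc)  # assumed incident start
    for user, cred, when in credentials_added_since(SAMPLE_REPORT, start):
        print(f"review {user}: {cred} created {when.isoformat()}")
    print("console users without MFA:", console_users_without_mfa(SAMPLE_REPORT))
```

Note that the second key on the long-standing `ops-admin` user shows up alongside the brand-new `backup-svc2` user: a credential added to an existing account is as much a backup login as a new account is.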

5. Domino's
What happened: This month, the hacking group Rex Mundi went on a public blitz, claiming it had managed to steal customer records for 650,000 European Domino's Pizza customers. The group said it stole the records from the pizza chain's website, which had relied on only an MD5 hash to protect the data. Rex Mundi threatened to release those records if the company didn't pay it a ransom of €30,000 ($40,800) by Monday of last week.

Fallout: Domino's refused to comply with the hostage demands. Instead, it told customers that the stolen data did not contain financial information -- only contact details, delivery instructions, and passwords. It advised customers to change their passwords. Interestingly, Rex Mundi never made good on its threat.

6. Durham Police Department
What happened: The police department of a small New Hampshire town was struck this month by Cryptowall

Fallout: Durham refused to cooperate with the Cryptowall criminals. Selig specifically stated that not only were crime records not affected by the attack, but the department had sufficient backups to restore what was lost due to the attack, even if recovery would take some time.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Marilyn Cohodas
User Rank: Strategist
6/24/2014 | 8:52:30 AM
Re: Two common Web application attacks illustrate security concerns
It's good to see companies saying no to these extortion scams, albeit with varying degrees of success. Code Spaces, of course, bore the brunt of the fallout from refusing to play ball. But it's gratifying to see that Domino's and even the tiny Durham, NH police department were able to stand firm.
User Rank: Apprentice
6/24/2014 | 8:33:03 AM
Two common Web application attacks illustrate security concerns
This is alarming indeed. Scams such as this are bound to increase in the future unless organizations take measures to ensure their data and networks are safe, and they should mitigate these threats proactively with robust security and encryption. I work with McGladrey and there's a whitepaper on our website that offers useful information on the common security concerns for businesses and ways to mitigate them: "Two common Web application attacks illustrate security concerns" @ http://bit.ly/1c0f35M
User Rank: Ninja
6/23/2014 | 2:28:53 PM
Every incident like these should make each IT professional feel more responsible for the maintenance of digital asset integrity, whether as part of a security team, release team or wherever they may sit, angry and looking twice as hard for solutions. Because these attackers are so effective right now, some companies are falling to concession. But is concession the answer? I've seen arguments for/against companies taking things into their own hands and fighting back with their own hackers, and I've seen arguments for/against the government taking more control of the Internet such that more checkpoints can be placed to offer more security to businesses (on paper, at least). Many solutions have been proposed, from architecture changes to organization changes and software implementations. Yet here we are, and these vicious attacks continue to happen. Definitely sobering. Companies are going to be making hard choices in the next couple of years from a budget perspective and responsibility perspective in terms of how far they are willing to go to keep these attacks from happening again.