After stealing data from a number of healthcare organizations and demanding a ransom not to release the information, the hacking group TheDarkOverlord has now targeted the investment bank WestPark Capital.
A host of sensitive data including non-disclosure agreements, reports, and contracts were stolen from the firm and a ransom demand has been issued. If WestPark refuses to pay, the hacking group says it will publish the stolen data. TheDarkOverlord has already published links to around 20 documents including NDAs, reports, presentations and contracts.
WestPark has not disclosed how much money the attackers demanded, although a report in the Los Angeles Times suggests the ransom was in excess of $1 million.
TheDarkOverlord group conducted similar attacks on healthcare organizations over the summer. Those hacks resulted in large volumes of confidential and highly sensitive patient data being dumped online. A healthcare database containing 48,000 patient records was stolen from a firm in Farmington, Missouri; a database containing 210,000 patient records was stolen from a healthcare organization in the Central/Midwest United States; and a large database containing 397,000 patient records was stolen from a healthcare organization in Georgia. The largest database contained over 9 million health insurance records. Those records were listed online on a darknet marketplace for 750 million (around $481 million).
Extortion using ransomware is now commonplace. Many organizations choose to pay the ransom to recover their data when backups fail or backups have not been made. There is a risk that after paying a ransom the attackers will not supply the keys to unlock the encryption, but many firms are given little alternative but to take that chance.
However, extortion attempts such as this carry a much higher risk. There is no guarantee that paying the ransom will prevent the release of data and since the attackers still hold the data after a ransom is paid, further extortion attempts may be made or the data may still be sold.
Once cybercriminals have stolen data there is little a company can do. Organizations must instead concentrate on defense, which means improving protections to ensure that hackers cannot breach the security perimeter again.
Technologies need to be implemented that allow breaches to be detected rapidly and steps should also be taken to ensure that if a breach does occur, damage is limited.
WestPark took the decision not to pay the ransom demand. According to a statement released by the hacking group, “CEO Richard Rappaport spat in our face after making our signature and quite frankly, handsome business proposal and so our hand has been forced.” The group subsequently dumped more WestPark data online.