Black Shadow hackers demand $1 million not to leak data

Hacker group Black Shadow demanded on Sunday that it be paid $1 million within 48 hours, warning that it would otherwise leak or sell the rest of the information it collected from the database of the gay dating app Atraf.

In its latest attack on an Israeli company, Black Shadow leaked data from several companies served by the Israeli Internet company Cyberserve, including Atraf, the Kavim and Dan bus companies, and the Pegasus travel reservation company.

The latest attack was announced by the group on Friday, and Black Shadow claimed that it had damaged the servers. Cyberserve is a web hosting company, which means that it provides servers and data storage for other companies in all industries. The data seized by hackers covers a wide variety of businesses: from the Pegasus travel reservation company to the Dan bus company and even the Israel Children’s Museum.

Black Shadow claimed on its Telegram channel on Sunday that neither government officials nor Cyberserve contacted them about their ransom demand, so they had decided to allow the public to provide the $1 million ransom they were demanding. “Obviously this is not a major problem for them,” the group said. “We know that everyone is concerned about the ‘Atraf’ database. As you know, we are looking for money.”

The group promised that if it obtained the ransom, it would not leak the information of about a million people it had collected from Atraf. The group made no promises about any of the other data it had collected.

The National Cyber Directorate in Jerusalem (credit: MARC ISRAEL SELLEM / THE JERUSALEM POST)

The Agudah – The Israel Association for LGBTQ Equality and the Israel Internet Association advised those affected by the cyberattack to make sure to change their usernames and passwords and use strong passwords. The two emphasized that in any ransom request or blackmail incident, those affected should contact the Israel Police.

“The natural human tendency can succumb to the demands of attackers, but past experience shows that there is no guarantee that personal content will be removed. Furthermore, it is an opening that can lead to additional ransom demands,” the two organizations emphasized. The two also advised those affected to notify social media platforms if their information is published on social media.

Those affected in the LGBTQ+ community can contact a hotline set up by Agudah between 5 pm and 7 pm and between 7:30 pm and 10:30 pm from Sunday to Thursday at *2982 and by WhatsApp at 058-620-5591.

Black Shadow is responsible for previous attacks against the Israeli vehicle insurance company Shirbit and the financial company KLS. In their previous attacks, the affected companies claimed the group was Iranian, even though cybersecurity experts rejected the claims.

Yigal Ono, the head of the National Cyber Directorate, told Army Radio on Sunday that Black Shadow appears to be a criminal group with an “anti-Israel smell”, adding that “it could be because they are of one origin or another, but it is not fundamentally different from what is happening around the world.”

Cybersecurity consultant Einat Meyron stated in response to the most recent Black Shadow account that “the identity of the attacking group is slightly less important.”

“On the part of the attacked companies, for reasons of insurance and reputation, it is clear that they will want to attribute the attack to Iran. In practice, there is no need to make things easier for the attackers by refraining from exercising basic defenses,” Meyron added.

The cybersecurity consultant also stressed that “it is necessary to demonstrate beyond any doubt that it is an Iranian group and that it is neither trivial nor significant due to the effect of slander and because an Iranian attribution does not necessarily indicate that it was an Iranian group. ‘Iranian mission’.”

Meyron further explained that a group working for the Iranian regime is unlikely to “waste energy” on random site searches, but rather intends to cause significant damage to crucial infrastructure.

In December, in response to the Shirbit cyberattack, Zohar Pinhasi, CEO of cybersecurity service MonsterCloud, told The Jerusalem Post that claims that Black Shadow wanted to strategically harm Israel and was not seeking money were “nonsense.”

“This claim is repeated in all the sectors that are attacked and in all the countries. Hacking is almost always first and foremost a ransom attack and on a financial basis. This is also the case in the Shirbit attack,” said Pinhasi, who is also a former IT security intelligence officer in the IDF, at the time. “The Pandora’s box has been opened and now the company is trying to minimize the severity of the hack and frame it as a matter of ‘national security’ to avoid damage to its reputation and to do well with the regulator and clients,” he said.

Ben Zion Gad contributed to this report.
