Black Shadow leaks more data after deadline passes

Black Shadow threatened to leak more data it obtained from the hacked gay dating app Atraf database in its attack on the Israeli Internet company Cyberserve, after a 48-hour deadline it had set to satisfy its $ 1 demand. million approved on Tuesday.

“48 hours is over! Nobody sends us money. They try to chat with us, we will show you our chats. Data will be uploaded soon. But this is not the end, we have more plans,” the hacker group wrote in broken English. on his Telegram channel.

In its latest attack on an Israeli company, Black Shadow leaked data from several companies served by Cyberserve, including Atraf, the bus companies Kavim and Dan, and the travel reservation company Pegasus.

The latest attack was announced by the group on Friday, and Black Shadow claimed that it had damaged the servers. Cyberserve is a web hosting company, which means that it provides servers and data storage for other companies in all industries. The data seized by hackers comes from a wide variety of businesses, from bus and tour booking companies to the Israel Children’s Museum.

The group promised that if it obtained the ransom, it would not leak the information of about a million people it had collected from Atraf. The group made no promises about any of the other data it had collected.

An information analyst works in front of a screen displaying a near-real-time map that tracks cyber threats; California, December 29, 2014 (credit: REUTERS / BECK DIEFENBACH)

In screenshots of the chats Black Shadow claims it had with company representatives, one of them offered the group $ 250,000 in bitcoins and asked them not to tell others that they had received the money.

In response, the group noted that they had the information of a million people and that the ransom could be paid if each contributed one dollar, with the alleged representative responding that the offer the company had made was their only offer.

“Do you really want to mess with [the] The government of Israel, because this will end badly for you, “wrote the alleged representative, who continued to ask the group what they would gain from the disclosure of the information.

BLACK SHADOW stated that it would “get attention” by publishing the data. The representative warned the group that Israeli “cybercrime investigators” would go after the group and that they would get no money if they did not accept the offer, which increased to $ 350,000 in bitcoins.

The screenshot conversation was conducted in broken English. Black Shadow ended the conversation by saying that the representative’s “friend” had said “nobody cares”, without clarifying who the referred “friend” was.

Cyberserve emphasized Tuesday in response to claims by Black Shadow that the chat was not conducted by the company, nor by a representative working on its behalf, adding that it has not conducted and is not conducting negotiations with the attackers.

“Under no circumstances should you submit to the demands of the attackers,” stressed on Sunday the general director of the Israel Internet Association, Yoram Hacohen, in response to the demands of Black Shadow.

“There is no guarantee that if the amount is paid the information will not be published and, more importantly, such delivery will lead to more and more attacks for what they perceive as an achievement,” he warned. “Also, if private boaters receive messages with demands for ransom payment, they should immediately report it to the police and take no action beyond that.

“What needs to be done now is to refine online privacy and security standards and provide full support, physical and mental, to those about whom information has been disclosed,” Hacohen said.

The ISRAEL Internet Association and Agudah, the Association for LGBTQ Equality in Israel, advised those affected by the cyberattack to make sure to change their usernames and passwords and use strong passwords. The two emphasized that in any ransom request or blackmail incident, those affected should contact the Israel Police.

“The natural human tendency may be to succumb to the demands of attackers, but past experience shows that there is no guarantee that personal content will be removed. In addition, it is an opening that can lead to additional rescue demands, ”emphasized the two organizations. They also advised those affected to notify social media platforms if their information is published there.

Affected individuals in the lesbian, gay, bisexual, and transgender community can contact a hotline established by Agudah between 5 p.m. and 7 p.m. and between 7:30 p.m. and 10:30 p.m. Sunday through Thursday at * 2982 and by WhatsApp. at 058-620-5591.

Black Shadow is responsible for previous attacks against the Israeli vehicle insurance company Shirbit and the financial company KLS. In their previous attacks, the affected companies claimed the group was Iranian, even though cybersecurity experts rejected the claims.

Yigal Unna, the head of the National Cyber ​​Directorate, told Army Radio on Sunday that Black Shadow appears to be a criminal group with an “anti-Israel smell”, adding that “it could be because they are of one origin or another, but it is not fundamentally different from what is happening around the world. “

Cybersecurity consultancy Einat Meyron stated in response to the most recent Black Shadow attack that “the identity of the attacking group is a little less important.

“On the part of the attacked companies, for reasons of insurance and reputation, it is clear that they will want to attribute the attack to Iran. In practice, there is no need to make things easier for attackers by refraining from exercising basic defenses, ”added Meyron.

The cybersecurity consultant also emphasized that “it is necessary to demonstrate beyond any doubt that it is an Iranian group and that it is not trivial or significant due to the effect of slander and because an Iranian attribution does not necessarily indicate that it was an ‘ Iranian mission. ‘ . ‘”

Meyron further explained that a group working for the Iranian regime is unlikely to “waste energy” on random site searches, but rather will aim to cause significant damage to crucial infrastructure.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *