Court orders search engines to block Black Shadow content

The Tel Aviv Magistrates Court on Wednesday ordered Internet providers and search engines to block access to Black Shadow and the content it has leaked from Israeli companies, as Israeli authorities continue to work to limit the damage caused by ransomware attack.

The court also ordered the personal information that was leaked to be removed.

Despite Telegram taking down Black Shadow’s channel on Tuesday, the hacker group was able to open a new channel later in the day and has since leaked even more data from radio 103FM, travel insurance company Trip Guaranty, Locker Ambin Furniture Company, Mor Institute for Medical Data, and Tacy Jewelry Company.

The recently leaked data includes flight details, addresses, emails, and dates of birth, among other details.

On Tuesday, Black Shadow leaked profile data of hundreds of thousands of “Atraf” users, tracking threats to do so in the event that the desired $ 1 million ransom was not met.

Illustrative photo of a cyber attack. (credit: Wikimedia Commons)

The hackers, who broke into the servers of the web hosting company Cyberserve and have since threatened to release data from Atraf, as well as from the Dan bus company and the Pegasus travel reservation company, which were customers of Cyberserve and they had their data stored on their servers.

Hackers had previously threatened to leak data obtained from the gay dating app’s database, which it obtained during its attack on Cyberserve, after a 48-hour deadline it had set to satisfy its approved $ 1 million demand. on Tuesday.

The file was blocked by the site that hosts it shortly after Black Shadow posted the link, but has since been posted back to a working link.

The latest attack was announced by the group on Friday, and Black Shadow claimed that it had damaged the servers. Cyberserve is a web hosting company, which means that it provides servers and data storage for other companies in all industries. The data seized by hackers comes from a wide variety of businesses, from bus and tour booking companies to the Israel Children’s Museum.

“Under no circumstances should you submit to the demands of the attackers,” stressed on Sunday the general director of the Israel Internet Association, Yoram Hacohen, in response to the demands of Black Shadow.

“There is no guarantee that if the amount is paid, the information will not be published and, more importantly, such delivery will lead to more and more attacks for what they perceive as an achievement,” he warned. “Also, if private boaters receive messages with demands for ransom payment, they should immediately report it to the police and take no action beyond that.

“What needs to be done now is to refine online privacy and security standards and provide full support, physical and mental, to those about whom the information has been disclosed,” Hacohen said.

Black Shadow is responsible for previous attacks against Israeli companies, such as the Shirbit vehicle insurance company and the KLS finance company. In those attacks, the affected companies claimed the group was Iranian, even though cybersecurity experts rejected the claims.

Yigal Unna, head of the National Cyber ​​Directorate, told Army Radio on Sunday that Black Shadow appears to be a criminal group with an “anti-Israel smell,” adding that “it could be because they are of one origin or another, but it is not fundamentally different from what is happening around the world. “

“My position has been very reasoned for years: don’t pay and don’t negotiate. It’s unnecessary, it’s useless,” cybersecurity consultancy Einat Meyron said on Tuesday.

“The information in any case is filtered and sold on other channels, on the darknet, where shameful lists of companies that paid the ransom are also published even though they were promised that they would not be revealed. That in itself should be enough, But when you also see the quality of the conversation that the attacker has with the negotiator, it is difficult not to understand the attacker, ”Meyron said.

“With an average cost of $ 7000- $ 9000 per negotiator, for two or three days, it is already better to transfer the money to a charity that does good. At least then there is the possibility that karma will be considered,” he added the consultant.

Meyron stated on Saturday in response to the most recent Black Shadow attack that “the identity of the attacking group is a little less important.

“On the part of the attacked companies, for reasons of insurance and reputation, it is clear that they will want to attribute the attack to Iran,” he said. “In practice, there is no need to make things easier for attackers by refraining from exercising basic defenses.”

The cybersecurity consultancy also stressed that “it is necessary to demonstrate beyond any doubt that it is an Iranian group. And it is not trivial or significant because of the defamation effect, and because an Iranian attribution does not necessarily indicate that it was an ‘Iranian mission.’

Meyron further explained that a group working for the Iranian regime is unlikely to “waste energy” on random site searches, but rather intends to cause significant damage to crucial infrastructure.

The Cyber ​​Unit of the State Attorney’s Office announced that it was continuing to act against Black Shadow and had contacted Google to block access to the hacker group’s website and that Telegram had blocked two more channels of the group.

“The director of the Cyber ​​Unit of the State Attorney’s Office, Dr. Haim Wismonsky, stated that the department will continue to work to reduce and disrupt the activities of cybercriminals in order, among other things, to protect the privacy and security of the citizens of the state in cyberspace, “said the Cybernetic Unit.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *