A New Kind of Ransomware

The Dark Overlord has struck again, and you gotta love Cyber-criminals who pen their extortionware notes so eloquently.

Their most recent message to a Hollywood studio reads, “As with all of our friends who don’t accept one of our handsome business proposals, we’ll handle them appropriately by publicly releasing all their client data, documents, intellectual property, and other sensitive documentation.” It is almost as if David Niven or Sean Connery were leaving a handwritten note on a small ivory card in the middle of the blotter on the victim’s desk. And then we cue Steppin’ Out by Joe Jackson.

Not satisfied with wreaking havoc on school children and intimate plastic surgical images from private doctors’ offices, the legion of doom has now stolen addresses and phone numbers, banking transaction records, contracts, client invoices, and vendor lists on a long list of celebrities who are or have been contracted with the Hollywood production studio Line 204.

As you can tell from their quite reasonably (!) crafted demand note, these guys see themselves as modern-day Robin Hoods or philosopher kings, although it isn’t immediately clear where the ransom payoffs are going or who is going to genuflect at their altar of moral equivalency.

In their long letter to the officials at the Columbia Falls school district in Montana in September, they said “We know who you are, Columbia Falls. We know everything about your operation. We know everything about your schools and the children in them. Your nursery children, your primary children, and your secondary children. We know who the problem children are, who the honor performing children are, and even who many of the parents are. We have educated ourselves and made ourselves aware of your entire lives. Today, we’re invading your lives and offices in the form of a letter filled with verbose, condescending, and abusive language. Yikes, right?”

Well, if you were one of those parents, yes … yikes indeed.

They also earlier managed to penetrate another shoddily managed school system Cybersecurity defense, in the Johnston Community School District in Iowa in October, through a third-party vendor, and released personal information on students, making it easy, as they wrote, “for any child predator to easily acquire new targets.”

If the explicit threat to the Columbia Falls school administrators and, through them, the students’ parents wasn’t scary enough, how about a little pedophilia to spike your blood pressure?

The point of the Columbia and Johnston elementary school system break-in was not the $150,000 in bitcoin demand but rather demonstrating the power of sensitive information, the ease with which it can be obtained, and the almost overwhelming feeling of hopelessness that can be created through diabolical 7-page ransom demand letters written intentionally to foster fear and infuse desperation.

As the Dark Overlord points out, the target here was not specifically elementary school students or their parents. It was simply based on which information provides the greatest leverage to fend off a law enforcement or FBI investigation. The proposition is: “We have personal information which, if released publicly, will be embarrassing and perhaps even life-changing for the people involved. We will refrain from releasing that information for as long as you are willing to do business our way and essentially back off your investigations.”

Incredible leverage indeed.

It raises an interesting question. Is the physical ISIS attack style with trucks and pressure cooker bombs more terrifying than the sword of Damocles that now hangs suspended over the parents and administrators of these schools and the FBI? Who will determine how far to pursue and how close to get to these criminals? And who pays if the bad guys simply decide screw it – let’s just release the stuff?

Whichever answers we end up with, one thing is certain. The Dark Overlord has changed the conversation in Cybersecurity. This new level of sophistication and gamesmanship is Machiavellian and offers some insight into the threat landscape of the future. To what lengths would you go to prevent the distribution of some ill-conceived email or memo or letter you wrote once in a fit of passion? To what extent would you be willing to compromise your status quo to avoid the world at large learning of your dating past or club membership or browsing history?

The new targets of Cyber-theft are heads of corporations and senior public officials who had better figure out pretty quickly how they are going to protect that entire digital journey lying in some hard drive or online repository somewhere in cyberspace. Being discovered in the database of the Ashley Madison Agency was one thing. Being a member of a more psychiatrically disordered special interest group is entirely another, especially if you happen to be the CEO of a public company or a member of Congress.

One paragraph in the letter to the President and Board of Trustees of Columbia Falls SD6 is instructive. It reads “If you do end up speaking to the FBI about our previous work, you’ll know we’ve had many entities provide us compensation in exchange for our services. An outstanding majority of those arrangements have gone by without error. Admittedly, there were several problem clients who breached the contracts, but we’re running on an outstanding track record. You’ll no doubt read about Larson Studios, but we can assure you they were in gross breach of our contract. Follow the terms carefully and you’ll be fine.”

This should of course not be taken as a threat, but the message is clear: Play nicely or you will find all of your 8-year-old daughter’s school counseling records dumped onto the public square tomorrow morning.

And that will not be fine.

*** This is a Security Bloggers Network syndicated blog from News and Views – Netswitch Technology Management authored by Steve King. Read the original post at: https://www.netswitch.net/new-kind-ransomware/