Black Shadow leaks more data after deadline passes



Hacker group Black Shadow has leaked the profile data of hundreds of thousands of “Atraf” users, following threats to do so if the desired ransom of $ 1 million is not reached by Tuesday .

The hackers, who broke into the servers of web hosting company Cyberserve and have since threatened to leak Atraf’s data, as well as bus company Dan and travel booking company Pegasus, who were clients of Cyberserve and whose data was stored on their servers.

Many victims saw their personal information leaked and were revealed by hackers, such as Ch, a young man in his twenties from Tel Aviv, told Ynet. “It’s horrible to enter my personal space and threaten to reveal my correspondence and photos. I hide my sexual orientations, and my family and friends don’t know anything. It’s very problematic for me, and I really am. helpless these days and don’t know what to do. “

Hackers previously threatened to disclose data obtained from the gay dating app’s database, obtained in its attack on Israeli internet company Cyberserve, after a 48-hour deadline it set for itself. to meet his forwarded $ 1 million request. Tuesday.

“The file was blocked by the site hosting the files shortly after Black Shadow posted the link to the data.”

“48 hours over! Nobody sends us money. They try to chat with us, we will show you our chats. The data will be uploaded soon. his Telegram channel.

In its latest attack on an Israeli company, Black Shadow leaked data from a number of companies served by Cyberserve, including Atraf, bus companies Kavim and Dan, and travel reservation company Pegasus.

The latest attack was announced by the group on Friday, with Black Shadow claiming to have damaged the servers. Cyberserve is a web hosting company, which means it provides servers and data storage to other companies in all industries. The data captured by the hackers comes from a wide variety of companies, from travel and bus booking companies to the Israel Children’s Museum.

The group promised that if it got the ransom it would not disclose the information of about a million people it had gathered from Atraf. The group made no promises regarding the other data it had collected.

In screenshots of discussions Black Shadow claims to have had with company officials, one of them offered the group $ 250,000 in bitcoins and asked them not to tell others they had. received the money.

In response, the group pointed out that it had the information of a million people and that the ransom could be paid if each person contributed a dollar, with the alleged representative responding that the offer made by the company was their only offer.

“Do you really want to mess with [the] Israeli government because it will end badly for you, ”wrote the alleged representative, who continued to ask the group what it would gain from releasing the information.

BLACK SHADOW said it would “grab attention” by releasing the data. The representative warned the group that Israeli “cybercrime investigators” would come after the group and that they would not get any money if they did not accept the offer, which they raised to $ 350,000. in bitcoins.

The screenshot conversation was conducted in broken English. Black Shadow ended the conversation by saying that the representative’s “friend” had said “nobody cares”, without specifying who the intended “friend” was.

Cyberserve pointed out on Tuesday in response to Black Shadow’s claims that the chat was not conducted by the company, or a representative working on its behalf, adding that it did not conduct and does not conduct negotiations with the attackers.

“You must not under any circumstances submit to the demands of the attackers,” Israel Internet Association CEO Yoram Hacohen said Sunday in response to Black Shadow’s demands.

“There is no guarantee that if the amount is paid, the information will not be released and, more importantly, such surrender will lead to further and increased attacks due to what is seen by them as an exploit. “, he warned. “Additionally, if private surfers receive any messages with demands for ransom payments, they should immediately report it to the police and take no further action.

“What needs to be done now is to refine the online security and privacy regulations and provide all support, physically and mentally, to those about whom information has come to light,” Hacohen said. .

The ISRAEL Internet Association and Agudah – the Association for LGBTQ Equality in Israel – advised those affected by the cyberattack to make sure to change their usernames and passwords and use words strong pass. The two stressed that in any incident of ransom demand or blackmail, those concerned should contact the Israel Police.

People pose in front of a screen showing the word “cyber” in binary code, in this photo illustration taken in Zenica on December 27, 2014. Photo taken on December 27, 2014. (Credit: REUTERS / DADO RUVIC / FILE PHOTO)

“The natural human tendency may be to succumb to the demands of attackers, but past experience shows that there is no guarantee that personal content will be removed. In addition, it is an opening that can lead to demands for additional ransoms, ”stressed the two organizations. They also advised those affected to notify social media platforms if their information is published there.

Those concerned in the lesbian, gay, bisexual and transgender community can contact a hotline set up by Agudah from Sunday to Thursday evening from 5:00 p.m. to 7:00 p.m. again from 7:30 a.m. to 10:30 a.m. on * 2982 and on WhatsApp on 058 -620- 5591.

Black Shadow is responsible for previous attacks on Israeli companies, such as auto insurance company Shirbit and finance company KLS. In the attacks, the companies involved claimed the group was Iranian, despite the claims being rejected by cybersecurity experts.

Yigal Unna, head of the National Directorate of Cyber ​​Security, told Army Radio on Sunday that Black Shadow appears to be a criminal group with an “anti-Israel flavor,” adding that “it could be because they are from one source or another, but it is not fundamentally different from what is happening all over the world.

“My position has been very argued for years – don’t pay or negotiate. It’s useless, it’s useless,” cybersecurity consultant Einat Meyron said Tuesday.

“The information is in any case disclosed and sold on other channels, on the darknet, where shameful lists of companies are also published which have paid the ransom when they had been promised that they would not be revealed. . That in itself should be enough, but when you also see the quality of the conversation the attacker has with the negotiator, it’s hard not to understand the attacker, ”said Meyron.

“With an average cost of $ 7,000 to $ 9,000 per negotiator, for two or three days it is already better to transfer the money to a charity that does good. At least that way there is a chance that karma is taken into account, ”added the consultant.

Meyron said on Saturday in response to Black Shadow’s latest attack that “the identity of the attacking group is a little less important.

“On the side of the attacked companies – for insurance and reputation reasons – it is clear that they will want to blame the attack on Iran,” she said. “In practice, it is not necessary to make it easier for attackers to refrain from exercising basic defenses.

The cybersecurity consultant also stressed that “it is necessary to prove beyond any doubt that it is an Iranian group. And this is neither trivial nor significant because of the effect of the slander – and because an Iranian attribution does not necessarily indicate that it was an “Iranian mission”.

Meyron further explained that a group working for the Iranian regime is unlikely to “waste energy” on recordings from random sites, but rather aim to cause significant damage to critical infrastructure.

The Attorney General’s Office Cyber ​​Unit announced that it was continuing to act against Black Shadow and had contacted Google to block access to the hacker group’s website and that Telegram had blocked two other channels belonging to the hacker group. group.

The Director of the Cyber ​​Unit at the State Attorney’s Office, Dr Haim Wismonsky, said the department will continue to work to reduce and disrupt the activities of cybercriminals in order, among other things, to protect privacy and the security of the state’s citizens in cyberspace, ”said the Cyber ​​Unit.



Leave A Reply