The Week in Breach – Ransomware gang donates part of ransom demands to charity organizations


The Week in Breach: Featured – Ransomware gang donates part of ransom demands to charity organizations

A ransomware gang has donated a part of the ransom demands it extorted from victims to charity organizations.

Current recipients include Children International, a non-profit for sponsoring children in extreme poverty, and The Water Project, a non-profit aiming to provide access to clean and reliable water across sub-Saharan Africa.

Each organization received 0.88 bitcoin (~$10,000) last week, according to transactions on the Bitcoin blockchain [12].

The sender was a ransomware group going by the name of Darkside.

Active since August 2020, the Darkside group is a classic “big game hunter,” meaning it specifically goes after large corporate networks, encrypts their data, and demands huge ransoms in the realm of millions of US dollars.

If victims don’t pay, the Darkside group leaks their data online, on a portal it operates on the dark web.

“As we said in the first press release – we are targeting only large profitable corporations,” the Darkside group wrote in a page on their dark web portal, published on Monday.

“We think it’s fair that some of the money they’ve paid will go to charity. No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the group also added, before posting proof of their two donations.


Neither of the two non-profits can keep these “donations,” though, as it’s illegal to receive and use funds obtained as a result of a crime, so the donations will most likely be seized or returned.

The Week in Breach News – United States


United States – Barnes & Noble

https://boston.cbslocal.com/2020/10/15/barnes-noble-cyberattack-hack-data-breach-personal-info/

Exploit: Malware

Barnes & Noble: Bookseller


Risk to Business: 1.411 = Extreme

Barnes & Noble has been starring in its own horror story in the last week, as a massive network outage for its Nook customers rolled into the discovery of a massive cyberattack. The bookseller informed customers on Monday that it had experienced a data breach that exposed customers’ transaction histories and PII. Recovery and restoration efforts are underway. It’s unknown if the Nook outage was a facet of the data breach or unrelated.


Individual Risk: 2.206 = Severe

Barnes & Noble says that the only data stolen was transaction history information, names, and email addresses. The company doesn’t anticipate that any financial information was stolen, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: No one can afford a data breach right now, not even a corporate giant. Incidents that impact online sales are especially problematic as online sales remain a focus area during the pandemic.

IntegraMSP to the Rescue: Strengthening gateway security is a good data loss prevention strategy. Passly guards against intrusion with cracked, stolen or compromised passwords by adding simple but effective secure identity and access management protection.


United States – Intcomex

https://channeldailynews.com/news/miami-based-channel-partner-slammed-by-1tb-customer-and-business-data-leak/72273

Exploit: Ransomware

Intcomex: Managed Services Provider


Risk to Business: 1.772 = Severe

The Miami-based managed services provider suffered a huge data breach, exposing nearly 1TB of very sensitive data. The leaked data contains a collection called “Internal Audit” at 16.6GB, and “Finance_ER” totaling 18GB. The most recent data was from July 2020. The data included credit cards, license scans, payroll, customer databases, and more. The company serves more than 50,000 resellers in over 41 countries.

Individual Risk: No individual information was reported as compromised in this incident, although the potential is there. No details about the uncovered data are available.

Customers Impacted: Up to 50,000

How it Could Affect Your Business: Third-party data breaches are a big risk to every business these days. Even if you’re keeping your company’s sensitive data secure, your vendors might not be.

IntegraMSP to the Rescue: Dark Web ID keeps your business credentials safe by monitoring the Dark Web 24/7/365 to alert you right away if your protected credentials show up in a Dark Web data dump.


United States – Robinhood 

https://nypost.com/2020/10/16/hackers-broke-into-nearly-2000-robinhood-trading-accounts/

Exploit: Hacking/Database Intrusion

Robinhood: Investment App


Risk to Business: 1.552 = Extreme

Robinhood informed its users last week that hackers had obtained access to funds and information in some of its accounts. The firm claims that there was no intrusion and that customer email addresses were compromised outside of the app, giving cybercriminals the ability to steal money and data, but investigators and clients say that’s not possible, citing the fact that most accounts were protected with MFA.


Individual Risk: 1.412 = Extreme

Personal and financial information about users was accessible and potentially stolen by hackers, and some users had money stolen directly from their accounts. Users should assume that their accounts have been compromised and act accordingly.

Customers Impacted: 2,000

How it Could Affect Your Business: Providing services that use highly sensitive information implies that you’re using the best technology to keep that data safe – especially at a fintech startup.

IntegraMSP to the Rescue: Keep data safer by reducing the ways that thieves can get to it. With single sign-on through Passly, each employee has their own personalized LaunchPad, making it easy for IT staff to secure access points.


United States – Dickey’s Barbecue Pit

https://www.zdnet.com/article/card-details-for-3-million-dickeys-customers-posted-on-carding-forum/

Exploit: Malware/Skimming

Dickey’s Barbecue Pit: Restaurant Chain


Risk to Business: 1.691 = Severe

Dickey’s Barbecue Pit has been serving up a side of skimming to every customer. Between August 2019 and July 2020, cybercriminals were operating skimmers at 156 of Dickey’s 469 locations in 30 states, with the highest exposure in California and Arizona. The breach was discovered by cybersecurity monitors after hackers began advertising the data stash for sale as “Blazingsun”.


Individual Risk: 1.771 = Severe

Customers who made purchases at Dickey’s Barbecue Pit during that window have likely experienced a credit card compromise and should contact their card issuer for guidance.

Customers Impacted: 3 million

How it Could Affect Your Business: The number one cause of a data breach is human error. Failing to keep up with security awareness and phishing resistance training leads to expensive cybersecurity disasters.

IntegraMSP to the Rescue: The ID Agent digital risk protection platform enables organizations of any size to implement security awareness training painlessly at a great price.


United States – Nez Perce Tribal Casinos

https://lmtribune.com/external-cyber-attack-blamed-for-computer-trouble-at-nez-perce-tribes-casinos/article_091b0264-1000-11eb-a3ed-0f2500bec470.html

Exploit: Ransomware

Nez Perce Tribal Casinos: Gambling Parlors


Risk to Business: 2.002 = Severe

Two popular casinos owned and operated by the Nez Perce Native American tribe were hit with ransomware, resulting in a complete shutdown for at least a week. Systems were frozen at both the tribe’s Clearwater River Casino near Lewiston and the Ye-Ye Casino at Kamiah in Idaho. Restoration efforts and investigations are underway, but the casinos are expected to reopen imminently.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Attacks aren’t always about stealing data. Ransomware is a devastating weapon that bad actors are using to shut down businesses too, and that can sometimes be even worse.

IntegraMSP to the Rescue: Learn how to protect systems and data from ransomware in our eBook “Ransomware 101”.

The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.