A US county reportedly paid $1 million to Kairos, an extortion gang that claimed to have stolen more than 2 TB of data, but the county never received independently verifiable proof that the stolen files had been deleted – just the criminals’ promise.
This means the county’s stolen files may turn up for sale on a dark web forum, and the same (or another) crime crew could again demand an extortion payment to not leak the data.
It’s also a reminder that, despite the feds urging victims not to pay cybercriminals, sometimes coughing up the ransom demand seems to be the lesser of evils.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Homeland Security Center to Guard Against Cyberattacks
July 31, 2018
Homeland Security Secretary Kirstjen Nielsen says the growing cyber threat cannot be underestimated and government and the public must work together to battle it. Nielsen spoke at a cybersecurity summit Tuesday. She announced the creation of the National Risk Management Center at the department. It’s aimed at guarding energy companies, banks and other industries against cyberattacks. ...
- Pentagon Circulates Software ‘Do Not Buy’ List
July 30, 2018
The US Department of Defence has begun circulating a “do not buy” list of software it considers to have Russian and Chinese connections, in the country’s latest tightening of restrictions on foreign tech influence. The Chinese and Russian governments have called previous US restrictions on companies such as Russian security software firm Kaspersky Lab and Chinese telecoms equipment ...
- No big deal… Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities
July 24, 2018
The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America’s critical infrastructure. Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, ...
- Thousands of U.S. Voter Personal Records Leaked by Robocall Firm
July 18, 2018
The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company. Researchers have discovered yet another misconfigured repository bucket – this time leaking the information of U.S. voters. The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company called Robocent. Kromtech Security researchers, ...
- Indictments Against 12 Russians Show How Hackers Were Hacked
July 18, 2018
Hi everybody, Jordan Robertson here. I cover cybersecurity in Washington, D.C. Today’s newsletter is about Special Counsel Robert Mueller’s indictment this week of 12 Russian military officers for allegedly orchestrating the hacks of the 2016 U.S. presidential election. The indictment, which I encourage you to read if you’re interested in technical details about how the hacks worked, is remarkable in a number ...
- Hacker Sold Stolen U.S. Military Drone Documents On Dark Web For Just $200
July 11, 2018
You never know what you will find on the hidden Internet ‘Dark Web.’ Just about an hour ago we reported about someone selling remote access linked to security systems at a major International airport for $10. It has been reported that a hacker was found selling sensitive US Air Force documents on the dark web for between $150 ...

