An unnamed US county paid $1M extortion demand to cybercriminals


A US county reportedly paid $1 million to Kairos, an extortion gang that claimed to have stolen more than 2 TB of data, but the county never received independently verifiable proof that the stolen files had been deleted – just the criminals’ promise.

This means the county’s stolen files may turn up for sale on a dark web forum, and the same (or another) crime crew could again demand an extortion payment to not leak the data.

It’s also a reminder that, despite the feds urging victims not to pay cybercriminals, sometimes coughing up the ransom demand seems to be the lesser of evils.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • New SEC enforcement chiefs see cyber crime as biggest market threat

    June 9, 2017

    Hackers are increasingly breaking into brokerage accounts to steal assets or make illegal trades, prompting U.S. securities regulators to start tracking cyber crimes more closely, two newly appointed enforcement officials said in an interview on Thursday. On Thursday, the U.S. Securities and Exchange Commission named Stephanie Avakian and Steven Peikin as new co-directors of enforcement. In an ...

  • Federal task force: Here’s how to fix healthcare cybersecurity

    June 6, 2017

    A federal task force released its long-awaited cybersecurity recommendations report Friday evening. The far-reaching report from the Health Care Industry Cybersecurity Task Force was mandated by the Cybersecurity Act of 2015. The task force convened 21 wide-ranging stakeholders in medical cybersecurity, ranging from device manufacturers to hospitals to consumer advocates. Workforce issues are the “most foundational problem” for ...

  • HHS task force wants cybersecurity treated as a patient safety issue

    June 2, 2017

    The Health Care Industry Cybersecurity Task Force today released the final version of its cybersecurity report, calling on the government to write policies that would help healthcare organizations boost their defenses—a need made even more evident after last month’s WannaCry ransomware attacks. The final report, which was mandated by the Cybersecurity Information Sharing Act of 2016, ...

  • Georgia Unveils Massive Cybersecurity Investment to Protect Against Emerging Threats

    May 23, 2017

    The state of Georgia has set aside $50 million to construct an innovation and training facility that helps state and local agencies better respond to cyber threats. “The Peach State” has more than 30 systems across 16 state agencies that house highly-sensitive financial or public safety information, according to Calvin Rhodes, Georgia’s CIO. The state has ...

  • Korea, US to Begin Joint Investment in and Research on Cyber Security in Late May

    May 22, 2017

    Threats of More intelligent worldwide cyber attacks of these days are strengthening cyber security alliance between Korea and the United States.  According to the Korean Ministry of Science, ICT and Future Planning, the Korean government and the US government (Air Force Research Laboratory) will finalize the selection of a research consortium for the start of joint ...

  • FDA, Industry Look for Gaps in Cybersecurity

    May 18, 2017

    The US Food and Drug Administration (FDA) on Thursday kicked off a fortuitously-timed public workshop on medical device cybersecurity, the agency’s third on the subject to date. At the workshop, FDA officials, representatives from industry and researchers are trying to determine the current gaps in regulatory science as it relates to cybersecurity with the aim of ...