An unnamed US county paid $1M extortion demand to cybercriminals


A US county reportedly paid $1 million to Kairos, an extortion gang that claimed to have stolen more than 2 TB of data, but the county never received independently verifiable proof that the stolen files had been deleted – just the criminals’ promise.

This means the county’s stolen files may turn up for sale on a dark web forum, and the same (or another) crime crew could again demand an extortion payment to not leak the data.

It’s also a reminder that, despite the feds urging victims not to pay cybercriminals, sometimes coughing up the ransom demand seems to be the lesser of evils.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • US Military Security Clearance Files Leak Due to Unsecured Drive

    March 13, 2017

    US Air Force documents were left on an unsecured backup drive, exposing highly sensitive personnel files on over 4,000 senior and high-ranking officers. According to MacKeeper Security Researchers, the gigabytes of files were accessible to anyone because there was no password to protect the backup drive. It seems the information found there varied from names and ...

  • Security Fail: Hackers Drawn to Energy Sector’s Lack of Controls

    March 8, 2017

    Oil and gas companies, including some of the most celebrated industry names in the Houston area, are facing increasingly sophisticated hackers seeking to steal trade secrets and disrupt operations, according to a newspaper investigation. A stretch of the Gulf Coast near Houston features one of the largest concentrations of refineries, pipelines and chemical plants in the ...

  • WikiLeaks reveals CIA files describing hacking tools

    March 6, 2017

    WikiLeaks published thousands of documents Tuesday described as secret files about CIA hacking tools the government employs to break into users’ computers, mobile phones and even smart TVs from companies like Apple, Google, Microsoft and Samsung. The documents describe clandestine methods for bypassing or defeating encryption, antivirus tools and other protective security features intended to keep ...

  • Boeing Notifies 36,000 Employees Following Breach

    February 27, 2017

    A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse. News of the breach surfaced earlier this month after a letter (.PDF) from Boeing’s Deputy Chief Privacy Officer Marie Olson, to the Attorney General for the state of Washington Bob ...

  • NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree

    February 25, 2017

    NSA and US Cyber Command boss Mike Rogers has revealed the future direction of his two agencies – and for the private sector, this masterplan can be summarized in one word. Kerching! Speaking at the West 2017 Navy conference on Friday, Rogers said he is mulling buying up more infosec tools from corporations to attack and infiltrate ...

  • Got Effective Cybersecurity Practices? Be Aware: The FTC Is Watching You

    February 20, 2017

    Following a July ruling against medical testing laboratory LabMD (which is now out of business), the Federal Trade Commission has emerged as a central regulator of cybersecurity practices for U.S. businesses. The FTC’s mandate to act on “unfair or deceptive” business practices that could harm consumers is being interpreted in a way that means any ...