
$400 Million Coinbase Breach Linked to Customer Data Leak from India


Coinbase data breach linked to India

A Reuters investigation revealed that cryptocurrency exchange Coinbase knew in January about a breach affecting outsourced customer support agents in India. Six people who knew about the incident said Coinbase was aware of sensitive user data compromise through its contractor, TaskUs, before it was officially announced in May. 

On 14th May, TaskUs filed an SEC document revealing that an India-based TaskUs employee was found taking pictures of a computer screen with her phone. Five former TaskUs employees confirmed that the worker and one accomplice were bribed by threat actors to get Coinbase user data.

The breach cost $400 million

After this came to light, more than 200 TaskUs employees were fired in a mass layoff from the Indore center, which drew media attention in India. Earlier, Coinbase suspected ‘overseas support agents’, but now the breach is estimated to cost 400 million dollars.

Coinbase had been a long-term partner of TaskUs, a Texas-based outsourcing firm, cutting labor costs by giving customer support work to offshore teams. After 2017, TaskUs agents, mostly from developing countries, handled Coinbase customer inquiries.

In the May SEC filing, Coinbase said it didn’t know about the full scale of the breach until it received an extortion demand of $20 million on 11th May. As a precautionary measure, Coinbase cut ties with TaskUs employees and other unknown foreign actors. Coinbase has notified regulators, compensated affected users, and taken strict measures to strengthen security.

In a public statement, TaskUs confirmed it had fired two staff (unnamed) for data theft but didn’t mention Coinbase. The company found the two staff involved in a cyber attack campaign that targeted other service providers linked to the client. 

Hackers use social engineering tactic

Hackers did not breach the Coinbase crypto wallets directly. Instead, they cleverly used the stolen information to impersonate Coinbase employees in a series of social engineering scams. The hackers posed as support agents, fooling victims into transferring their crypto assets.

According to Money Control, “The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January. Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment.”

Co-op Hack Triggers Widespread Scam Risk for Consumers


 

Several cyberattacks on major British retailers including Marks & Spencer, the Co-op Group, and others have been attributed to social engineering, in this case deceiving internal support teams by impersonating legitimate employees. It has been reported that the attackers contacted the companies' IT help desks and posed convincingly as employees seeking immediate assistance.

Using trust and urgency as a basis, they were able to persuade help desk employees to reset passwords for internal accounts, giving them unauthorised access to sensitive corporate information. Because this technique bypasses traditional technical safeguards, attackers who use it could potentially gain access to sensitive data, internal communications, and systems that may be used to further exploit or steal data.

In light of these developments, the UK's National Cyber Security Centre (NCSC) says all organisations should conduct a thorough review of their authentication procedures for help desks.

As social engineering attacks are becoming increasingly sophisticated and difficult to detect, NCSC stresses the importance of implementing strict identity verification methods and training employees to recognise such techniques to prevent them from occurring in the future. Approximately 2,000 grocery outlets are operated by the Co-operative Group, along with 800 funeral homes and legal and financial services, in addition to offering food and beverage services. 

It has been confirmed that precautionary measures have been taken to protect the company's digital infrastructure. These included temporarily suspending certain internal systems that are used by retail operations and the legal department. A number of the organisation's systems have been affected, including the platform used to monitor stock levels.

A source familiar with the matter has indicated that unresolved disruptions may result in localised supply issues, which could lead to product shortages on store shelves if not handled promptly. It was also announced that some employees' access to certain digital tools was restricted in response to the breach, so that remote work capabilities would be limited starting Wednesday. Despite these internal disruptions, the Co-op has said that its retail stores, including those which provide rapid delivery services, and its funeral care branches will remain open and operate normally.

The National Cyber Security Centre (NCSC) has acknowledged its involvement in the incident and is actively supporting the Co-operative Group as it investigates. In addition, it is believed that the company is working closely with Marks & Spencer to assess the scope and nature of a separate incident that occurred at around the same time, with efforts underway to determine whether there is any connection between the two breaches.

The attack on two major retailers in close succession is unlikely to be a coincidence, according to Marijus Briedis, Chief Technology Officer of Nord Security. It suggests that there has been some coordination between both retailers or perhaps even a shared vulnerability.

According to the Co-operative Group, although its back-office operations and customer service call centres have suffered disruption, the company's network of 2,000 grocery stores and 800 funeral homes across the UK remains fully functional and continues to serve its customers without interruption.

The cybercriminal group Scattered Spider first gained prominence in September 2023 after successfully infiltrating Caesars Entertainment and MGM Resorts International, an attack which, reportedly, forced Caesars to pay a ransom of $15 million. Recently, the group has been operating in the UK, and they seem to have changed their approach to attacking IT personnel by using sophisticated social engineering tactics rather than technical exploits.

It has been reported that one of the suspects, Scottish national Tyler Buchanan, has been extradited to the United States from Spain, where he has been charged with attempting to compromise several corporate networks. As a result of Buchanan and his network's involvement in numerous complex and multistage cyber intrusions, U.S. prosecutors are emphasising the growing threat cybercrime poses to society. 

As Marks & Spencer continues its efforts to restore its digital systems, and as the Co-op assesses the full extent to which customer data might be exposed by the incidents, critical weaknesses have been revealed in enterprise cybersecurity protocols. It has become increasingly important for organisations to prioritise layered, adaptive security frameworks that go beyond traditional defences to combat threats from attackers exploiting human behaviour over system weaknesses.

It is ultimately clear that in a digital-first economy, organisations must account for cyber threats and embed cybersecurity into every aspect of their business. It remains a fact that human factors are the most exploited vulnerability, and without constant vigilance and robust incident response plans, even industry leaders are vulnerable. These problems have emerged as M&S continues to deal with major problems caused by a cyber attack attributed to the hacking collective Scattered Spider.

In light of the M&S incident, the Co-op did not comment on whether the extra checks it had conducted resulted in the detection of attempted attacks on its systems. However, it did inform staff of the importance of protecting its systems, mentioning the recent issues surrounding M&S and the cyber-attack they have experienced in the past few weeks. The company has also announced that technology would play an important role in reducing costs and preventing shoplifting.

The Co-op's grocery stores are currently introducing new technologies such as electronic shelf edge pricing to reduce labour hours, as well as expanding fast-track online grocery delivery services. Morrisons has been at the centre of cyberattacks in the last couple of years. In the run-up to Christmas last year, the retailer suffered from an incident at its tech supplier Blue Yonder that caused the retailer to become extremely vulnerable to cyber threats. 

As recently as 2023, WH Smith was attacked by cyber criminals who illegally accessed their company information, including the personal details of current and former employees. This occurred less than a year after a cyber-attack on WH Smith's Funky Pigeon site forced the store to stop accepting orders for about a week. As a result of the recent cyber attacks on leading UK retailers, such as Marks & Spencer and the Co-operative, there is now an urgent and escalating challenge facing the UK: cybercrime is becoming a more prevalent threat in an increasingly digital retail environment.

Retailers are increasingly embracing advanced technologies to enhance customer experience, increase efficiency, and reduce operational costs, but these technologies also increase their exposure to cyber risks, particularly those originating from human manipulation and procedural errors. It is important to note that in a complex ecosystem where automation, remote access systems, and third-party technology partnerships are converging, a single vulnerability can compromise entire networks.

It is important for cybersecurity not to be viewed simply as a technical function but rather as an integral part of every layer of an organisation's operations. Managing these threats requires organisations to use a holistic approach - issuing regular training to staff on social engineering awareness, setting up thorough verification processes, and auditing access control systems regularly - to mitigate such threats.

The implementation of zero-trust frameworks, cooperation with cybersecurity experts, and continual incident simulation exercises must become standard practice rather than reactive measures. For businesses to keep up with the pace of cybercriminals, as they often operate across borders using coordinated tactics, they must also evolve. In addition, boards and leadership teams are responsible for cybersecurity resilience by ensuring that adequate investments, governance, and crisis management plans have been established.

Additionally, regulatory bodies and industry alliances should make an effort to establish unified standards and collaboratively share threat intelligence, particularly in sectors regarded as high risk. These are not isolated incidents; the recent breaches are a sign of a broader pattern that reveals a systemic vulnerability in the retail supply chain as a whole. The digital age has made it increasingly difficult to ignore cybersecurity when it comes to businesses that depend on trust, reputation, and uninterrupted service; it is a crucial element of long-term survival and customer trust.

Auto Industry Faces Sharp Rise in Cyberattacks, Raising Costs and Risks

 



The growing use of digital systems in cars, trucks, and mobility services has made the automotive industry a new favorite target for hackers. Companies involved in making vehicles, supplying parts, and even selling them are now dealing with a sudden rise in cyberattacks, many of which are leading to heavy losses.

A recent report by cybersecurity firm Upstream Security shows that these attacks are not only increasing but also affecting much larger groups of vehicles and connected systems. In 2024, nearly 60% of the reported incidents impacted thousands or even millions of assets—this includes vehicles, electric vehicle charging stations, smart driving apps, and other connected tools used in transportation.

Even more worrying is the spike in large-scale cyberattacks. Cases where millions of vehicles were hit at once rose sharply from 5% in 2023 to 19% in 2024. These massive events now account for almost 60% of all attacks recorded in the year.

Experts warn that attackers have changed their approach. Instead of just hacking into a single vehicle’s system, they now aim to cause widespread damage or steal large amounts of data. By doing so, they increase the pressure on companies to pay hefty ransoms to avoid public embarrassment or serious business disruption.

Jason Masker, a cybersecurity specialist from Upstream, explained that hackers often search for the most damaging way to force companies into paying them. If they can gain control of millions of vehicles or access sensitive information, they can easily threaten a company’s image and safety standards.

The report also shared a serious example of how hackers can even manipulate a car’s safety features. Researchers found that the radar used for adaptive cruise control, a system that keeps cars at a safe distance, can be tricked. Hackers could make it appear that the vehicle ahead is speeding up when it isn’t, potentially causing a crash.

Several major cyber incidents have already occurred:

• A leading Japanese car company’s U.S. unit was targeted by ransomware, leaking 22GB of vehicle and customer data.

• A Chinese auto supplier suffered a large breach involving 1.2TB of sensitive information, affecting both local and global carmakers.

• In Italy, a German automaker’s branch faced a data breach that exposed private customer details.

The report further explains that traditional cyberattacks, like locking systems and demanding ransom, are slowly becoming less effective, as many companies have backups ready. Now, hackers prefer stealing data and threatening to leak it unless they’re paid.

What’s more concerning is the gap between what cybersecurity rules require and how prepared companies actually are. Many businesses falsely believe they are fully protected, while attackers continue finding new ways to break through.

Upstream Security suggests companies need to act beyond just following regulations. Safety, smooth operations, and protecting customer data must be prioritized.

To help prevent future attacks, Upstream monitors over 25 million vehicles worldwide, tracking billions of data points daily. They also watch online forums where cybercriminals sometimes plan their attacks.

Looking at the bigger picture, experts predict artificial intelligence will become a vital tool in spotting and blocking cyber threats quickly. As vehicles get more connected, the risk of cyberattacks is expected to grow, putting companies, drivers, and users of smart mobility systems at greater risk.


FBI Warns Business Executives About Fake Extortion Scam

 



The Federal Bureau of Investigation (FBI) has warned corporate executives about a new scam designed to trick them into paying large sums of money. Criminals are sending threatening letters claiming to have stolen sensitive company data and demanding a ransom. They are falsely using the name of a well-known hacker group to appear more convincing. However, the FBI has found no actual link between the scammers and the group they claim to represent.  


How the Scam Operates  

According to an FBI alert issued on March 6, 2025, the scammers are mailing letters to company executives marked as urgent. These letters state that hackers have broken into their company's systems and taken confidential data. The scammers then demand a payment of anywhere between 250,000 and 500,000 dollars to prevent the data from being exposed online.  

To pressure victims into paying, the letter includes a QR code that directs them to a Bitcoin wallet for the ransom payment. The message also warns that the criminals will not negotiate, adding to the urgency.  

The letter claims to be from a group known for past cyberattacks, but investigators have found no evidence that the real organization is behind these threats. Instead, scammers are using the group's name to make their claims seem more credible and to scare victims into complying.  


Why Executives Are Being Targeted  

Top business leaders often have access to critical company information, making them valuable targets for cybercriminals. Attackers believe that these individuals will feel pressured to act quickly when they receive threats about stolen data. By creating a sense of urgency, the scammers hope their victims will pay the ransom without questioning its legitimacy.  

The FBI has stressed that companies should not assume the threats are real just because they mention a well-known hacking group. Instead, businesses should focus on improving their cybersecurity defenses and educating employees about potential scams.  


How to Protect Against This Scam  

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have shared several important steps businesses can take to safeguard themselves against such scams:  

1. Inform and Educate – Business executives and employees should be aware of this type of scam so they can identify suspicious threats and avoid panic.  

2. Strengthen Security Systems – Companies should ensure that their firewalls, antivirus software, and security protocols are up to date and functioning effectively.  

3. Establish a Response Plan – Organizations should have a clear strategy in place for handling extortion threats. They should not respond or pay the ransom but instead follow proper security procedures.  

4. Report Suspicious Activity – If a business receives one of these extortion letters, it should immediately inform the FBI or report the incident through the Internet Crime Complaint Center (IC3). Reporting such cases helps authorities track cybercriminals and take action against them.  


Why Awareness is Crucial  

This scam highlights the growing trend of cybercriminals using fear to manipulate victims into handing over large amounts of money. While there is no confirmation that the real hacker group mentioned in the letter is involved, this situation serves as a reminder for businesses to stay cautious.  

The best way to prevent falling victim to such scams is through strong security measures, employee awareness, and prompt reporting of suspicious activity. The FBI is closely monitoring the situation and urges companies to take cybersecurity seriously to avoid financial and reputational damage.

FBI Warns of Fake Ransom Demands Sent by Mail to US Executives

 



A new scam is targeting top business leaders in the United States, where criminals are sending letters demanding large ransom payments. Unlike typical ransomware attacks that involve hacking into computer systems, this scheme relies on physical mail. The letters claim that hackers have stolen company data and will leak it unless a ransom of $250,000 to $500,000 is paid. However, cybersecurity experts believe this is a fraud, with no actual hacking involved.  


How the Scam Works  

Investigators from the GuidePoint Research and Intelligence Team (GRIT) discovered that several companies have received these ransom letters through the US Postal Service (USPS). The letters are addressed to high-level executives and claim to be from the BianLian ransomware group, a known cybercriminal organization.  

The message states that the company's confidential information has been stolen and will be exposed unless the demanded payment is made within ten days. To make the threat appear real, the letter includes a Bitcoin wallet address and a QR code that links directly to it. Some letters also provide links to BianLian’s dark web site to add legitimacy to the claim.  

Despite these details, security analysts have found no proof that any actual data theft has occurred. The scam relies on fear and deception, hoping that executives will panic and send money.  


Why Experts Believe the Threat Is Fake  

Cybersecurity specialists have carefully examined multiple cases of this scam and found no signs of hacking or data breaches. The companies targeted in this scheme have not reported any unusual activity or unauthorized access to their systems. This strongly suggests that the criminals behind the letters are only pretending to be the BianLian ransomware group.  

The FBI has confirmed that these letters are part of a fraud campaign and do not represent a real cyberattack. Many of the envelopes are marked as "Time Sensitive" to create urgency, and some even list a return address in Boston, Massachusetts, which appears to be another false detail.  

Since there is no actual ransomware attack, businesses do not need to take technical action like removing malware or restoring stolen files. The main risk comes from executives believing the scam and paying the ransom.  


What to Do If You Receive One of These Letters  

If your company receives a similar ransom demand, take the following precautions:  

1. Check Your Systems for Security Issues – Ensure that company networks are protected and that there are no signs of hacking or data leaks. Keeping cybersecurity measures updated is always important.  

2. Do Not Send Any Money – These threats are fake, and paying the ransom will only encourage further scams.  

3. Report the Scam – Contact law enforcement and inform the nearest FBI field office about the letter. Complaints can also be filed with the Internet Crime Complaint Center (IC3).  

4. Inform Key Personnel – Let executives and employees know about this scam so they can recognize and ignore similar fraud attempts in the future.  

 

This scam is a reminder that cybercriminals do not always rely on advanced hacking techniques. Sometimes, they use old-fashioned methods like physical mail to create fear and manipulate victims into paying. While real ransomware attacks remain a serious concern, this particular scheme is based on false claims.  

Companies should stay informed and take precautions to avoid falling victim to these types of fraud. Being aware of such scams is the best way to protect against them.

Crypto Dealers Targeted in Alarming Kidnapping and Extortion Cases

 


Recent incidents have revealed a troubling trend of cryptocurrency dealers being targeted for kidnappings and extortion. These cases underline the risks associated with the growing prominence of the cryptocurrency sector.

French authorities recently rescued a 56-year-old man found tied in the trunk of a car in Le Mans. According to France Bleu Normandie, the man had been abducted on New Year’s Eve by masked assailants who broke into his home, tied him and his wife up, and transported him approximately 500 kilometers across the country.

The captors used encrypted communication networks to demand a ransom from his son, a cryptocurrency influencer based in Dubai. The victim was discovered disoriented and covered in gasoline, prompting an ongoing investigation as the perpetrators remain at large.

Global Surge in Crypto-Related Crimes

Cryptocurrency's rising value and adoption have made it a lucrative target for cybercriminals. On December 17, Bitcoin (BTC) reportedly reached significant highs, amplifying interest in the sector. This growth has drawn attention from threat actors engaging in malware attacks, kidnappings, and extortion schemes.

For instance, on December 25, a cryptocurrency merchant in Pakistan was kidnapped in Karachi. The assailants coerced the victim into transferring $340,000 in cryptocurrency before abandoning him. Seven individuals, including a Counter-Terrorism Department officer, were later arrested, and charges for kidnapping and extortion were filed under the Pakistan Penal Code.

Cryptocurrency and Ransom Scams

In Australia, a case involving a Saudi royal highlighted the use of social platforms in abduction schemes. The victim was lured via a dating app to a location where he was ambushed and restrained. Threatened with severe harm, he transferred $40,000 in Bitcoin. While the lead perpetrator, Catherine Colivas, avoided prison due to mitigating circumstances, the case underscores the broader vulnerabilities in cryptocurrency transactions.

According to analysts at Chainalysis, the expanding ransomware landscape compounds these risks. Tracking incidents and ransom payments made in cryptocurrencies remains a significant challenge, emphasizing the need for heightened security and vigilance in the sector.

AT&T Paid Attackers $370K to Delete Stolen Customer Data

 

AT&T reportedly paid a hacker more than $370,000 to remove stolen customer data. In an extraordinary turn of events, the ransom may not have gone to those responsible for the breach.

Last Friday, AT&T disclosed that an April data breach had exposed the call and text records of "nearly all" of its customers, including phone numbers and call counts. In a filing with the Securities and Exchange Commission (SEC), AT&T claimed it has since tightened its cybersecurity measures and is working together with law enforcement authorities to investigate the incident.

It now appears that AT&T has taken additional steps in response to the intrusion. According to Wired, AT&T paid a ransom of 5.7 bitcoin to a member of the hacking group ShinyHunters in mid-May, which was worth a little more than $373,000 at the time. In exchange for this money, the hacker allegedly deleted the stolen data from the cloud server where it was stored, as well as providing video footage of the act.

However, there is no guarantee that the millions of people affected by the latest massive AT&T attack will be entirely safe, as digital data can be easily copied. The security expert who mediated negotiations between AT&T and the hacker told Wired that they believe the only complete copy of the stolen dataset was wiped. However, partial fragments may remain at large. 

Prior to AT&T's announcement of the incident, it was revealed that Santander Bank and Ticketmaster had also been penetrated using login credentials that had been taken by an employee of the independent cloud storage provider Snowflake. According to Wired, following the Ticketmaster breach, hackers may have infiltrated over 160 companies at once using a script.

French Hospital CHC-SV Refuses to Pay LockBit Ransomware Demand

 

The Hôpital de Cannes - Simone Veil (CHC-SV) in France revealed that it has received a ransom demand from the LockBit 3.0 ransomware gang and refused to pay the ransom.

On April 17, the 840-bed hospital announced a serious operational disruption caused by a cyberattack, forcing it to shut down all computers and reschedule non-emergency procedures and appointments.

Earlier this week, the establishment revealed on X that it had received a ransom demand from the LockBit 3.0 ransomware operation, which it referred to the Gendarmerie and the National Agency for Information Systems Security (ANSSI).

At the same time, the LockBit ransomware organisation added CHC-SV to their dark web extortion site, threatening to release the first sample pack of files stolen during the attack before the end of the day. The healthcare organisation tweeted that they will not pay the ransom and will notify affected individuals if the threat actors begin leaking data.

“In the event of a data release potentially belonging to the hospital, we will communicate to our patients and stakeholders, after a detailed review of the files that may have been exfiltrated, about the nature of the stolen information.” 

Meanwhile, the hospital's IT workers are currently working to restore compromised systems to normal operational status, as internal inquiries into the incident continue. 

Ruthless stance 

 
The FBI's disruption of the LockBit ransomware-as-a-service operation through 'Operation Cronos' and the simultaneous release of a decryptor in mid-February 2024 have had a negative impact on the threat group. 

Affiliates have lost faith in the project, and others have chosen to remain anonymous for fear of being identified and prosecuted. Despite the inconvenience, the ransomware operation relaunched a week later, with fresh data leak sites and updated encryptors and ransom demands. 

LockBit's attitude regarding assaults on healthcare providers has always been ambiguous at best, with the group's leaders failing to enforce the declared restrictions on affiliates carrying out attacks that compromised patient care. The attack on CHC-SV confirms the threat group's utter disdain for the sensitive topic of preventing disruptions to healthcare services.