A well-known criminal hacking group called Tsar Team has hacked into the servers of a leading Lithuanian cosmetic surgery clinic and stolen more than 25,000 private photos of clients. They have already published photos to the dark web and are now demanding bitcoin ransom payments from the clinic and from its clients.
The Grozio Chirurgija clinic has patients in more than 60 countries around the world, including more than 1,500 in the UK. After the clinic refused to pay a ransom demand of more than £500,000, the hackers started to approach clients directly for payment. Dozens have come forward to Lithuanian police to report being blackmailed.
Hackers have demanded ransom payments of between €50 and €2,000, paid in bitcoin, depending on the sensitivity of the data stolen, which includes nude photos, passport scans and national insurance numbers.
The Grozio Chirurgija clinic has warned patients not to engage with the blackmailers, or download anything sent to them, for fear of further attacks. The clinic has advised any patient who is contacted by the hackers directly to contact the police immediately. Tsar Team is another name for the hacking group known to security researchers as APT28, which has been linked to hacks on the Democratic National Committee.
It is not clear at this stage exactly how the hack occurred, but by far the most common source of security breaches is phishing e-mails sent to employees or other insiders, carrying fake requests for passwords or links that upload malware to a network when clicked. Once inside the network, the malware will steal data and send it back to the hackers until it is spotted and stopped. This could take some time.
There are two routes that businesses can take to mitigate the threat of such an attack. The first is to educate their employees to beware of phishing e-mails and not be tricked by them. This is a valuable exercise, but is far from foolproof. It takes only one negligent action by a single employee and the damage is done.
The second route is for the business to take proactive action to test the security of their systems and put in place monitoring software that will identify suspicious activity on the IT network, alert system administrators and automatically shut down access to affected users or databases. Standard anti-virus monitoring software will not provide all of these actions and is dependent on all users implementing it consistently.
Transputec’s Cyber-Security-as-a-Service will complete a comprehensive health check of your network to identify any existing issues or weaknesses and then put in place leading-edge monitoring tools to ensure that any suspicious activity is immediately identified and addressed before the damage can be done.
As Robert Mueller, former Director of the FBI, said, “There are only two types of companies: those that have been hacked and those that will be.”