{"id":6760,"date":"2022-06-02T21:17:32","date_gmt":"2022-06-02T12:17:32","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=6760"},"modified":"2022-06-30T21:21:48","modified_gmt":"2022-06-30T12:21:48","slug":"victims-website-hacked-to-display-ransom-note-in-a-new-extortion-strategy","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/victims-website-hacked-to-display-ransom-note-in-a-new-extortion-strategy\/","title":{"rendered":"Victim\u2019s website hacked to display ransom note in a new extortion strategy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6760\" class=\"elementor elementor-6760\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4356704 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4356704\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c43e898\" data-id=\"c43e898\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1e24733 elementor-widget elementor-widget-text-editor\" data-id=\"1e24733\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"MsoNormal\" style=\"margin-bottom: 0cm; line-height: normal;\"><span lang=\"EN-GB\">A new extortion strategy which is being used by the Industrial Spy has been identified where they gain access to their victim\u2019s corporate websites to publicly display ransom notes. The first incident of this new strategy was seen on Thursday 2nd of June 2020, when Industrial Spy started to sell data, which they claim was stolen from the French company, SATT Sud-Est for $500,000. Although this incident stood out to the security researcher MalwareHunterTeam as it was clear that the threat actors had also hacked the SATT Sud-Est\u2019s website to display a message warning that 200GB had been stolen and would soon be up for sale if the victim did not pay a ransom.<\/span><\/p><p class=\"MsoNormal\" style=\"margin-bottom: 0cm; line-height: normal;\"><span lang=\"EN-GB\">\u00a0<\/span><\/p><p class=\"MsoNormal\" style=\"margin-bottom: 0cm; line-height: normal;\"><span lang=\"EN-GB\">There is a belief that this new tactic will not see widespread use by ransomware groups as web servers for most victims are not hosted on corporate networks but with external hosting providers instead. Therefore, threat actors would need to find a vulnerability on the website or gain access to credentials when they steal data from internal networks.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>A new extortion strategy which is being used by the Industrial Spy has been identified where they gain access to their victim\u2019s corporate websites to publicly display ransom notes. The first incident of this new strategy was seen on Thursday 2nd of June 2020, when Industrial Spy started to sell data, which they claim was stolen from the French company,<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":6768,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,9,2,1],"tags":[],"class_list":["post-6760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/06\/Picture1-2.jpg?fit=1375%2C917&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6760"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=6760"}],"version-history":[{"count":9,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6760\/revisions"}],"predecessor-version":[{"id":6771,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6760\/revisions\/6771"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/6768"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=6760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=6760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=6760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}