Bitcoin Forum

Multinational firm paid ransom in bitcoins to hackers who broke into systems

Hackers extorted an international company based in Brisbane for a ransom paid out in bitcoin but then escalated their demands by threatening online attacks on a senior employee’s child, Queensland police have said.

The company, which police refused to identify, paid the hackers an initial ransom worth thousands of dollars after its computer system was hacked and sensitive data stolen earlier this year.

When the company refused a further larger ransom demand and contacted police, hackers then “profiled a senior member of the organisation, identified their family and threatened to discredit members of his family through online attacks particularly targeting a child”, police said.

The case prompted acting assistant commissioner Brian Hay to warn that businesses should never give in to extortion demands but also be wary of posting personal information on social media that could be exploited as leverage by cyber criminals.

“This was a very serious attack on an organisation and quite traumatic for the business, the victim and his family,” Hay said.

“We are strongly urging business to ensure their computer systems are secure and protected from hackers, that they adopt a policy of not paying ransom demands and carefully consider the information posted on social media.

“Organisations need to think about putting in place a strategy to counteract or respond to these type of incidents. But the one message that I cannot stress enough is to never comply with extortion demands and report these matters to us immediately.”

This is sad but inevitable.  I don't believe bitcoin itself has anything to do with the decision to hack, it just makes collecting the money easier.  I am sure that there are other ways to transfer money.  This should be (another) wake up call for businesses to shore up their security against these attacks.

Low life people. Demanding ransom is one thing, but severely threatening the people personally is beyond disgusting. That's why you should never leave too much data about yourself on social media sites.


Most companies try to save on things as IT, which is a huge mistake as you can see.

This is the source of the OP's news: http://www.theguardian.com/technology/2015/jun/04/hackers-extorted-multinational-firm-in-australia-and-threatened-employee


Absolutely correct, as these attacks become more imminent companies really need to prioritize their cyber security and I don't know what information do these people put on social medias about their children that can be used by hackers. What kind of cyber attacks can a hacker do?

Ofcourse bitcoin shouldn't be blamed for this as it was only used as a payment instrument, although it is difficult to track the transaction made through it. I think government cyber crime division really need to educate themselves on how to track these criminals or else they will continue doing this.

A criminal stays a criminal, even if he shifts to Bitcoin. The banks have the same problem... Who do you target, if you want to rob a bank? The people with the keys to the vault and access to the money.

Targetting a child is just more effective, because they are soft targets... They know a parent will do anything for his/her child and they exploit that.

We cannot blame Bitcoin for that behaviour... They are thieves with crypto knowledge. If this was done with Fiat, would it be global news? Nope...  >:( >:(

Is this fake? Who knows... shills will post any #@$% that sounds remotely possible, to discredit Bitcoin.

 

Every "ecosystem" has scammers so... I wonder why they paid. Was it cryptolocker type scam?

Yep, not only corporations. common man too

they didn't say it but is this another story about sospicious email with an exe file where they clicked on it like dumb fishes?

because the fault it's only in their hand, and has nothing to do with bitcoin, it is just more convenient for hacker to ask them to pay in that way, because, more trouble can rise for tracking it back

This is why I constantly repeat the same thing. Anonymity s the single negative trait BTC brings to the table and will be constantly exploited and attacked by scammers and BTC opponents.

i always find these kind of news of bad taste. when something like this is spread around in news about bitcoin it makes it look like a currency that is only used by criminals to someone who doesn't know about bitcoin.

I bet some Anti-Bitcoin people are behind these sort of attacks and they're doing this to make Bitcoin look bad and give it bad publicity so that governments around the world ban using it and/or impose more restrictions on it.

I know that bitcoins are not to be blamed here but if the agencies keep facing these issues, like it has happened before and they have to pay ransoms to protect people/companies I fear they will resort to putting harder laws on trading/using bitcoins.

According to the United States Department of Justice, they took down the cryptolocker last year. They even arrested a few people, who were thought to be behind this trojan. Now it seems that at least some of the cryptolocker guys are active, and they are continuing their activity in the form of various clones.

My question is "Is this a big company?" Why this hacker only ask for a low ransom with the sensitive data that they steal. I guess this hacker is the foolish one to ask so low ransom to this multinational company. Or may be this is just some kind if ads that will help their company so people will know more about this company

Isn't that a risk with any company in the world ? I don't think they should give in to that, specially because its easy to look up a lot of people based on the name. Most of them have FB and Linkedin accounts.

I can't beilieve that people still fall for that exe trick.  I only use software from trusted sources and everything is scanned just in case.  It might be a matter of education: maybe the average person has no idea that you can get a virus this way.  I know it sounds absurd but I think it is the case.  Maybe we need PSA's about computer safety and not the ridiculous ones about cigarettes.

And no I am not saying that ciggies are not a health problem but many of the commercials are over the top ridiculous.

I don't know much about this new trojan, but I have heard that the original cryptolocker trojan used to camouflage itself as a Java update. Even experienced users had great difficulty in differentiating it from the real Java update. And among the various antivirus suites available, only the Kaspersky Internet Security was able to identify them (in the initial phases).

Yeah, they probably falling for the .jpg.exe shit lol. Those people just can't be saved. But ramsonware is lately pretty trendy it seems, and most use Bitcoin since it's more anonymous. Hopefully they start demanding Monero or something, so we don't get negative press.

Sure there are alot of other ways to transfer money, but only Bitcoin provides quick and anonymous transactions to a computer. So, without Bitcoin these script kiddies would not be in the extortion business I am sure.

It may or may not be BS, however the premise of the story is believable. The fact that Bitcoin is very hard to trace makes it attractive for these kinds of crimes.

At first glance, this sounds a lot like ransomeware that has been around for years, however after closer examination, it appears that the attacker was likely closer related to someone at the company.

Lots of things are getting used by criminals. Would you believe criminals use guns? They even use cars. Some of them even eat bread.

Exactly. Some of the new clones of cryptolocker are using Moneypak and QIWI wallet to accept ransom payments, and for money laundering. Earlier they were using options such as Liberty Reserve. If we ban Bitcoin claiming that it is being misused by the criminals, then they'll just discover a new method, which can't be banned.

This is one of the downsides in BTC. Coins are quite hard to chase and to match up to the owners meaning people can often get away with doing anything. The hackers could easily use a mixer to 'hide' the 'tainted' coins and then use a few exchanges and gambling sites to clean the coins. Eventually there'd be no concrete evidence who the extortionists are...

Yeah it would be pretty much mission impossible to guess the actual criminals after a couple of mixing. You could put the wrong people in jail so it's pointless. Actually after just putting the coins inside a exchange and moving them back it's pretty much impossible, it would a lot of people

I remember the discussion I had with a merchant, who was looking forward to accepting Bitcoins as a mode of payment. He asked me how he could identify the "tainted" coins, and thereby reject the payment. Unfortunately, I didn't knew the answer. I don't know what happened in the end. Probably he shelved the idea, fearing that he will face legal action as a result of getting these tainted coins.  ???

By tainted coins you refer to coins obtained by any frauds, thievery and from black markets? And you were right there is no way to identify these kind of money, but isn't it the same way with normal FIAT?
How can you be sure that money you are receiving are not obtained by fraudulent methods? Yes! You can't be sure! So rejecting bitcoin acceptance just because there is possibility of 'tainted coin's is pretty dumb imo.

Yeah, ideally, there shouldn't be "tainted" coins, because it breaks fungibility. The origin of the Bitcoins shouldn't matter, otherwise it would be a big mess, but I can understand the concern. This is the problem of a public ledger.

I'd like to know how the criminals got away with the ransom. Did they use a mixer, or what? Even if they did, it should be possible to find, at least, the IP address they used in the transaction to the mixer.

IP can be masked pretty easily, with plenty of tools, so it's a bit pointless to know it, they can even do it via mobile and attach their phone to a wifi with some sort of a proxy, then change location

you don't even need a mixer in that case, they may force you to split the stolen sum into multiple addresses

It's possible in some stores in some countries to register an USB wifi device to a random address.
When done, the criminal could go on with his live CD launched MAC altered laptop and lock in himself in the public toilet of a large train station and start his ransom over additional anonymous VPN protection.
Selling bitcoins is easy for criminals too, mixer then localbitcoins.
This is how a criminal can get away with his ransom and this is one valid point how bitcoin gets his reputation straight into the hell.