In an intriguing follow-up to a case I reported in April concerning a hack-extortion incident involving TheDarkOverlord, Janko Roettgers reports that Larson Studios actually paid TheDarkOverlord’s 50 BTC demand. That alone would be surprising and newsworthy (there had been no payments made to the BTC wallet address given in the extortion contract), but Roettgers also reports that according to Larson, TheDarkOverlord (“TDO”) then screwed them by going after Netflix, letting Larson’s clients know about the hack, and then leaking Orange is the New Black.
Now why would TheDarkOverlord do that? If they wanted to create a brand/reputation that they will return materials and stick to their word — that they are a “professional adversary” — why did they allegedly screw Larson Studios?
And why does Larson believe that certain other victims of TheDarkOverlord paid the ransom demands?
Meanwhile, the security company hired by Larson was looking into the Dark Overlord’s past attacks. The hacking group had targeted a number of healthcare facilities and other businesses in the previous months. “It was Gorilla Glue before us, and a children’s charity right after,” Dondorf said. Past reports seemed to suggest that paying up actually worked. “They would return the materials, destroy the materials, and it was over. This was the way they work,” said Rick Larson.
Now what past reports would those be? Not published reports, certainly, as there was no such evidence ever published. Was the security firm told something privately by previous victims? Perhaps. DataBreaches.net is not surprised to hear that some businesses paid the ransom, but would be very surprised to hear that the children’s charity paid up if they are referring to the cancer charity in Indiana.
And this is where Larson Studios’ inexperience also bit them. Not really familiar with TDO’s methods, they seem to have misunderstood when journalists reached out to them. Jill Larson told Variety:
the hackers even contacted some journalists to ping Larson and ask about a possible incident, just to see whether it would spill the beans. The company kept quiet, and the hackers told the Larsons they had done the right thing.
The hackers probably weren’t testing Larson to see if they’d spill the beans. They were likely gaming the media, as they’ve always done, to increase pressure on Larson Studios by letting Larson know that the press was aware of the hack and ready to report on it if there was something to report. Pressure on Larson to pay would be especially intense if Larson hadn’t told any of their clients about the hack and theft of the data. It appears that Larson hadn’t told their clients by the time another journalist and DataBreaches.net both reached out to Larson. And to be clear: TDO never told me the victim was Larson Studios. This site figured it out, so there was no way my contacting Larson was a test to see if they would “spill the beans.”
But in many ways, the biggest surprise is that TheDarkOverlord did not keep their word and may have destroyed their credibility going forward:
Soon after, another email from the Dark Overlord arrived at Larson. “They said they felt they owed us an explanation as to why they had done it,” said Jill Larson. In the email, the hackers argued that Larson Studios had broken the terms of the agreement by talking to the FBI. “So they decided to punish us.”
And that, dear readers, strikes this blogger as total b.s. TDO has always known that their victims reach out to the FBI, and has often included little notes in their emails to victims like, “Say Hello to the FBI for us.” They have never, to my knowledge, then “punished” a victim who paid up.
So something doesn’t seem right here, and I am more inclined to believe that they got greedy and tried to get more money from Netflix and then other networks and studios. If I’m wrong, they’re welcome to contact me via secure chat to explain how. I dislike it when things don’t make sense to me.
UPDATE: I was able to make contact with TheDarkOverlord, who tells a somewhat different story than what Roettgers tells. In an encrypted chat, TDO claimed that unlike other victims who have talked to law enforcement, Larson Studios went much further and worked directly with law enforcement.