Two more hacks with ransom demands, but is anyone paying? Part 2.

As noted in Part 1, hackers continue to issue ransom demands, but going to the media to put pressure on hacked entities does not seem to have improved their chances of convincing their victims to pay the ransom. In Part 1, I reported on what appears to be a hack of VI Pay, Inc., a payroll processing firm in Michigan. In this part, I report on the return of TheDarkOverlord, who claim to have hacked an investment firm.

On Sunday, after disappearing from public view for a while, TheDarkOverlord (TDO) posted a statement on Pastebin in which they claim that they have continued to pillage sites, but Saint Francis Hospital wasn’t one of them.

Readers may recall that I had suggested that the Saint Francis Hack was not by TDO but rather, by copycats just using their name. TDO confirms my impression:

On another note, we noticed that thedarkoverlord had apparently breached yet another healthcare entity. After conducting an internal audit to determine if anyone had gone rogue, we learned that no one did. Thereafter, we quickly realised that we were looking at the work of individuals who are operating under our name without authorisation. Be advised that no true members or associates of thedarkoverlord have been in contact with the public since the breach of St. Francis up until this publication.

Based on the writing of the statement and confirmation from someone known to be associated with them, these actors are, indeed, the real TheDarkOverlord. A copy of their statement was also emailed to this site, and the email service used to deliver it was the same email service the original TDO had used to contact me. So I’m convinced this TDO is the real one.

So now to the hack they revealed: WestPark Capital in California, an international investment banking and securities brokerage firm that was founded in 1995.

TDO provided a sample of documents as proof of claim, including an image of a retainer check and a number of confidential files, including several background checks on individuals by BackTrack, non-disclosure agreements, and other internal documents.

Non-Disclosure and Non-Circumvention Agreement. Redacted by DataBreaches.net

By their own statement on Sunday, TDO attempted to extort the firm and failed. They claim that the CEO, Richard Rappaport, “spat in our face after making our signature and quite frankly, handsome, business proposal.” They did not say how much their ransom demand was, nor what the deadline was. DataBreaches.net had requested clarification on that, but was only told, in encrypted chat:

Richard Rappaport, the CEO of WestPark Capital, was contacted by us and the issue of the breach of his company was brought into the line of communication we established. We made a handsome proposal to Mr. Rappaport that would involve us withholding this news. However, Mr. Rappaport chose to not cooperate with us in what could have been a very clean and quiet business opportunity for himself.

When asked how much data they had acquired, the spokesperson responded:

“We have acquired the entirety of WestPark Capital’s internal records and files. We have acquired every electronic document since the inception of the company. Most of these internal records and files are sensitive and labeled CONFIDENTIAL. We urge Mr. Rappaport to speak with us about this matter and seek for a mutually beneficial solution.”

They declined to reveal the attack method used.

As they have done in other incidents, TDO added a warning to their announcement on Sunday:

P.S. To the existing/future victims of thedarkoverlord who have/will have outstanding balances, pay up.

Well, that strategy didn’t work before for their publicly announced breaches, but I guess hope springs eternal.

DataBreaches.net sent inquiries to WestPark Capital, seeking a response to TDO’s claims, but received no response. Joseph Cox of Motherboard, who confirmed the authenticity of one of the files in the sample, also reports that he has been unable to get a response from the firm so far. This post will be updated if more information becomes available.

DataBreaches.net has no idea how to value files from an investment banking firm, but I would think these files would be much more valuable than identity information, which may sell for less than $1 per record. Does anyone have a resource on calculating the commercial value of these files if they are put up for sale?

About the author: Dissent
