After Netflix refused to pay a ransom to a hacker known as thedarkoverlord, the hacker posted nine episodes of the popular Netflix original series, “Orange is the New Black on a publicly available file sharing website on Saturday. The hacker had already posted the season 5 opening episode on Friday as an indication he was serious in his threat.
The stolen episodes were obtained through hacking of Larson Studios, a post production digital mixing company that worked on “Orange is the New Black.” This is just the latest example of a trend of hackers going after bigger targets through vulnerable companies working with the bigger company. The 2013 massive data breach of retailer Target was achieved through accessing Target by initially hacking an HVAC company that worked with Target and had access to Target computers to monitor heating and air conditioning systems at Target stores.
Thedarkoverlord has performed a number of other ransomware attacks including one in which it hacked a small Indiana charity from which it demanded a ransomware of 50 bitcoins that the charity refused to pay and had its data destroyed.
This story is far from over with thedarkoverlord already claiming to have stolen unreleased shows of ABC, Fox, National Geographic and IFC.
Ransomware continues to be a growing threat to individuals, large and small companies as well as government agencies, all of which have been targeted by ransomware. Ransomware malware is readily available for unsophisticated cybercriminals to purchase on the Dark Web. While in the past, the typical manner in which it has been used was to encrypt the data of the target and refuse to release the data back to the victim unless a ransom was paid, the scam has evolved to also include threats of making stolen data public as was done in this instance.
Some older strains of ransomware can be defeated through software that can recover data encrypted by older ransomware programs. In 2016 through the efforts of international law enforcement organizations and private security companies, the website No More Ransom was launched on which victims of ransomware can go to get decryption tools for many strains of ransomware for free. Thousands of people have utilized this tool to decrypt their files after a cyber attack without having to pay a ransom. Unfortunately, however, there are some newer forms of ransomware for which there are no known decrypting tools developed yet.
The key to not becoming a victim of a ransomware attack is to prevent it in the first place. Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware. Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate. You should also install anti-phishing software.
It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates. Many victims of ransomware have fallen victim to strains of ransomware for which there are already security software available to thwart it. Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.
Finally, it is important to note that a recent study done by Spiceworks found that of small to medium businesses who paid a ransom after being hacked, 45% did not get their data restored. Apparently there is no honor among some thieves.