'Black Shadow' Infiltrates Israeli Finance Firm, Demands $570,000 in Ransom

 

The private information of thousands of Israelis was compromised on Saturday following a cyberattack on the database of a major Israeli financial services firm. The hacking group 'Black Shadow' announced on Saturday that it had managed to access the servers of the Israeli financial services firm KLS Capital.

“We are here to inform you a (sic) cyber-attack against K.L.S CAPITAL LTD which is in Israel. Their servers are down and we have all their clients’ information. We want to leak some part of their data gradually. Part of our negotiation will be published later,” the group wrote on the Telegram app.

The hackers demanded 10 bitcoins ($60,000) in ransom from the Israeli investment firm, but it refused to negotiate. As a result, the hacker group leaked the obtained data on their Telegram channel. Black Shadow is the same hacking group that carried out a major cyberattack against Shirbit insurance company in December. 

A few hours before making the declaration, the hacking group deliberately published blurred images of the identification cards of two people who work with the firm. A few minutes after the announcement, they published a few more documents and have since published dozens of additional documents including identity cards, letters, invoices, images, scanned checks, database information, and much more, including the private information of the CEO of the firm.

Last year in December, a prominent cybersecurity firm reached out to KLS Capital and alerted it to a potential breach, flagging a vulnerability associated with its use of a so-called VPN. The firm said there was a simple 'patch' that could provide a solution; however, it appears that no action was taken at the time.

In response, KLS Capital stated: “The Israeli cyber authority reached out to us three days ago to warn us against a looming cyber attack against us. This attack is very similar to other attacks Iran and its proxies have conducted against Israeli targets – including private and public bodies. Our management acted immediately to take down our servers and join forces with the national cyber directorate – which together with our experts are examining the event.”

In recent months, threat actors have targeted several Israeli organizations, including the Shirbit insurance company, the Amital software company, Ben-Gurion University of the Negev, and Israel Aerospace Industries.

Threat Actors Attacked Israeli Tech Giant Ness Digital Engineering for Ransom

 

Ness Digital Engineering, an Israeli-based U.S. IT provider, was targeted in a ransomware attack affecting computer networks in India, the United States, and Israel. Local authorities have given no official statement to the media, but initial reports suggest a high probability that the attack originated in Israel, followed by Ness branches around the globe.

Shahar Efal, CEO of Ness Israel, said that the company’s clients, which include government ministries, hospitals, and local municipalities, were not compromised in the attack. He said all of the company's systems had been tested by experts and that there was not a single breach of the company’s network or its clients' database. Cybersecurity experts say the real question is whether the company’s supply chain is intact or was breached in the attack. So far there are no reports of negotiations with the threat actors.

“The attack began last night, it is a serious, ongoing event. The company is trying to contain the attack internally and seemed, thus far, to have successfully contained it without risking customers”, a source involved in managing the attack told Ynet. The company reassured its clients by reiterating that Ness Israel was no longer connected to the global corporation and therefore was not affected by the cyberattack.

The company has collaborated with several other companies and government bodies such as the IDF, Israel Aerospace Industries, Israel Post, the Israel Airport Authority, and the Hebrew University. The National Cyber Directorate stated that this attack has no connection with Israel. Meanwhile, cybersecurity consultant Einat Meyron said that more than 150 servers in Israel and 1,000 servers around the globe are being tested by McAfee.

A screenshot of the text presented as part of the ransomware attack reads: “Hello ness-digital-engineering! If you (sic) reading this message, it means your network was PENETRATED and all of your files and data has (sic) been ENCRYPTED by RAGNAR LOCKER!” The text directs the company to get in touch via a live chat provided in the note to sort out the case and “make a deal”.

The threat actors used the Ragnar Locker ransomware technique: gaining access to a victim’s network, performing reconnaissance to locate network assets, backups and other critical files, and then manually installing the ransomware and encrypting the victim’s data.