[BreachExchange] PLASTIC SURGERY BLACKMAIL VICTIMS URGED NOT TO PAY HACKERS

Destry Winant destry at riskbasedsecurity.com
Thu Jun 1 00:07:42 EDT 2017


https://www.eveningexpress.co.uk/pipe/news/international/plastic-surgery-blackmail-victims-urged-not-to-pay-hackers/

Blackmail victims across Europe have been urged not to pay any ransom
after a chain of plastic surgery clinics in Lithuania was hacked and
more than 25,000 private photos and personal data – including nude
pictures – were stolen.

Police in Lithuania said a hacking group called Tsar Team broke into
the servers of Grozio Chirurgija clinics earlier this year and
demanded ransoms from clients in the UK, Germany, Denmark, Norway and
other countries.

Norway’s National Criminal Investigation Service (KRIPOS) warned there
is “no guarantee that those blackmailing keep their promises”.

It recommended that people contact local police if they are victims of
extortion attempts.

KRIPOS urged people to keep “relevant information about how you were
contacted” and what address was provided for payment in Bitcoin.
KRIPOS did not say how many people in Norway were affected.

Police in Lithuania said several hundred images were released in March
and rest of the database was made public on Tuesday.

It is unclear how many patients have been affected, but detectives say
dozens have come forward to report being blackmailed.

“It’s extortion. We’re talking about a serious crime,” said Andzejus
Raginskis, the deputy chief of Lithuania’s criminal police bureau.

Investigators are working with security services in other European
countries and have warned that people who download and store the
stolen data could also be prosecuted.

“Clients, of course, are in shock. Once again, I would like to
apologise,” said Jonas Staikunas, the director of Grozio Chirurgija.

“Cybercriminals are blackmailers. They are blackmailing our clients
with inappropriate text messages.”

Mr Staikunas said victims were asked to pay up to 2,000 euros (£1,740)
to guarantee that nude images, passport copies, social security
numbers and other data would not be made public.

The hackers had also demanded that the clinic pay 344,000 euros
(£300,000) to prevent the data dumping, but it refused.


More information about the BreachExchange mailing list