If hackers would be awarded medals for the successfulness of their malicious online activities, TheDarkOverlord would already have a couple of those on the shelf. This hacker (or a group of hackers) first caught cybersecurity community’s attention back in June, after around 655000 healthcare records — originally belonging to the Midwest Orthopedic Clinic in USA, Missouri — were exposed on the dark web under this particular nickname. These record databases weren’t cheap. Their price ranged from 100,000 to around 480,000 USD. Unfortunately for the healthcare organizations, this breach was just the beginning. Later that month, another batch of approximately 9 million bits of health insurance information have also been leaked and published on the darknet. TheDarkOverlord was behind it all once again. As the hacker admits him/herself, these incidents were solely aimed at bringing some easy financial gain. Nonetheless, what happened earlier this month put the ransom-extortion practices to a whole another level. The WestPark Capital, an investment bank located in Los Angeles has become a target of this hacker’s revenge after its representatives supposedly declined to pay ransom for the firm’s stolen data. Haven’t received the anticipated money, TheDarkOverlord has published the leaked documents on the darknet, presumably, not to have all of his/her “hard work” go to waste.
Incidents like these are much more dangerous than the regular ransomware attacks. The victimized companies cannot simply delete the malware, recover data from backups and proceed with their usual business. They are now faced with the risk of having their clients’ personal information exposed to unknown malicious third-parties. Self-respecting companies have no other choice but to pay the ransom in order to keep their clients’ data and their own reputation safe. Nonetheless, even if the money is transferred, the cyber criminals still have access to the stolen data, so there is no guarantee that they will not publish it online to earn a few extra dollars. We can only speculate what evil-minded buyers would obtain it and where this information would be used later.
The future prospects are even more terrifying. The cyber crime tendencies will only get worse, and the crooks will target increasingly larger companies. Compared to the attacks on the personal users, the profit gained from businesses and organizations is much quicker, and there is no need to waste time negotiating with hundreds of victims to reach the same goal. Luckily, larger companies can invest more into their cyber security, making their private networks tougher or virtually impossible to breach. Thus, we need to raise public awareness and encourage major companies and smaller businesses to become more technologically advanced and dedicate more resources for the cyber protection.