Ransomware deal
The Dark Overlord hackers have stolen internal documents from WestPark Investment bank, pushing for a Ransomware deal

Ransomware deal on the table: “We made a handsome proposal to Mr. Rappaport that would involve us withholding this news”

Hackers are trying to negotiate a Ransomware deal with a Los Angeles investment bank.

Hackers have stolen internal documents from a Californian investment bank and published them online, in an effort to negotiate a Ransomware deal with the company they stole them from. The theft of files is seen as unusual in an era where ransomware is downloaded and a company’s or individual’s files are locked up until a ransom is paid.

The hackers, called “The Dark Overlord”, recently tried to extort a Ransomware deal from a series of health care organizations. Their most recent target is WestPark Capital, based in Los Angeles. The Dark Overlord hackers wrote on Pastebin that WestPark Capital CEO, Richard Rappaport, “spat in our face after making our signature and quite frankly, handsome, business proposal and so our hand has been forced” (WestPark Capital is a full-service investment banking and securities brokerage firm).

Along with their statement, The Dark Overlord provided a link to several stolen files from the investment firm. They include non-disclosure agreements, internal presentations, reports, contracts, and more. The hackers released fewer than 20 files, but the selection was strategic. One of the companies that had signed an agreement with WestPark included in these documents confirmed the document’s legitimacy. The release also included private stock offering details related to Facebook and other companies.

The Dark Overlord spokesperson also wrote about the Ransomware deal: “We made a handsome proposal to Mr. Rappaport that would involve us withholding this news. However, Mr. Rappaport chose to not cooperate with us in what could have been a very clean and quiet business opportunity for himself” – apparently voicing their dismay.

The Dark Overlord first appeared in June, when they advertised a slew of alleged medical organization records on the dark web, before following up with 9 million supposed health care insurance details. The general strategy wasn’t to actually sell the data, but to intimidate the victims into paying a ransom. In return, the hackers wouldn’t release the company’s records.

Although the spokesperson wouldn’t explicitly say this was the same approach in this case, they did say that “We are open and available for further communications with Mr. Rappaport if he chooses to mitigate what may be to come.” Fidelis Cybersecurity threat systems manager John Bambenek estimated the ransom demand to be more than $1 million, the Los Angeles Times reported.

The Dark Overlord stole files from multiple healthcare databases earlier this year and listed the records on the dark web for 750 bitcoins (about $481 million).

News of the hack follows word last week of a breach at Yahoo that could affect 500 million users, the largest hack in U.S. history.

More here [ibtimes] and [motherboard]
