At least a dozen U.S. progressive groups have been targeted by Russian hackers who searched victims’ emails and files for potentially embarrassing information before demanding hush money, Bloomberg reports.
The ransom demands have ranged from $30,000 to $150,000, with payment required in bitcoins.
According to Bloomberg, the methods used by the hackers appear to match those of Cozy Bear, one of the groups behind last year’s hack of the Democratic National Committee (DNC).
To collect the data, the hackers specifically targeted Web-based email accounts, as well as applications like SharePoint.
Bloomberg reports that the hackers’ targets have included the Center for American Progress (CAP) and Arabella Advisors.
“Arabella Advisors was affected by cyber crime,” Arabella spokesman Steve Sampson said. “All facts indicate this was financially motivated.”
On the other hand, soon after the Bloomberg article was published, CAP president Neera Tanden tweeted, “This story is wrong as it relates to CAP. We have not been hacked nor have we heard of any ransom request.”
Regardless, FireEye director of cyber espionage analysis John Hultquist told Bloomberg it’s best to be cautious in making any assumptions about Russian government involvement in these attacks.
“Russian government hackers have aggressively targeted think tanks, and even masqueraded as ransomware operations, but it’s always possible it is just another shakedown,” Hultquist said.
Extortion-Based Cyberattacks Increasingly Becoming the Norm
Bloomberg notes that on the day after the presidential election last November, Russia’s FSB targeted the personal emails of hundreds of people with U.S. government connections, with a particular focus on those who had worked in Democratic administrations or were linked with liberal or progressive causes.
And the concern for many of the victims is that this could be part of a new wave of Russian government attacks on the U.S. political system, Bloomberg reports.
No matter who’s behind the attacks, ThinAir CEO Tony Gauda told eSecurity Planet by email that the campaign is a clear case of data weaponization. “As the DNC breach proved, the value of compromised information extends well beyond what it stands to sell for on the dark Web, and oftentimes the person willing to pay the highest price is the victim – which is why we’ve seen ransomware attacks surge in recent years,” he said.
“Until more organizations take matters into their own hands, and secure data in a way that guarantees it can’t be leveraged against them, extortion-based cyberattacks are going to increasingly become the norm in both the public and private sectors,” Gauda added.
Cyber Security More of a Concern in 2017
According to a Tripwire survey [PDF] of more than 200 cyber security professionals at the RSA Conference 2017 last month in San Francisco, just 17 percent of respondents are confident in the U.S. government’s ability to protect itself from cyber attacks in the coming year.
Eighty percent of respondents said they’re more concerned about cyber security in 2017 than they were last year.
When asked what they would be most concerned about if their organization lacked a robust cyber security program, 59 percent of respondents listed intellectual property theft, followed by brand reputation damage (54 percent) and financial loss (53 percent).
Just under half (48 percent) of respondents said a lack of skilled employees would be the most likely cause of security failures at their organizations, followed by inadequate processes (30 percent) and inappropriate technology (17 percent).
“People and organizations alike look to the government to set an example and lead the way on all sorts of issues, including cyber security,” Tripwire CTO David Meltzer said in a statement.
“What the results of this survey show is that seasoned cyber security professionals are not confident in the government’s current cyber security strategy, and these worries can trickle down to the list of concerns for an enterprise,” Meltzer added.