Talking Points from Rex Mundi’s Cyber Extortion Attempt

Recently, we’ve been writing a lot about web security, because anybody even remotely familiar with the world of the web knows how important the topic is. This time, a specific event led us to keep our focus on this issue and further discuss the best web security practices.

On April 25, Softpedia reported that the hacker group Rex Mundi had obtained data from a Belgian web hosting company called Alphanet, threatening to reveal sensitive information if the company didn’t pay a 15,000 Euro ransom. In their announcement on pastie.org, the cybercriminals explained:

“Alfanet has two more days to pay us 15,000 Euros. Unfortunately, so far, they did not reply to our emails. We hope that they will decide to protect their customers before the deadline expires on Friday evening. If no money is received on Friday evening, we will post their entire database and we will directly attack some of their customers.”

To prove the data is in their hands, the group also posted sample information leaked from 13,000 websites. Since then, no further announcements have been made regarding this issue, by either the cybercriminals or the allegedly blackmailed company.

We may only suppose that the company decided to pay the ransom and thus prevent the hackers from distributing user data any further. However, given the lack of information, we could equally assume that such an attack never actually happened.

Whatever the case, we felt this piece of news deserves our attention.

Some background on cyber extortion

Along with identity theft, which is probably the most frequent form of cybercrime, cyber extortion is another important threat that is on a constant rise. Cyber extortion covers all the cases in which hackers obtain users’ data and threaten to publish it unless a certain amount of money is paid to them. This type of attack is often carried out through malicious software called ransomware, which locks the target’s computer and prevents the victim from accessing any program until the demanded sum is paid.


Symantec’s report from last year identified at least 16 different versions of ransomware, noting that this menace is quickly spreading across Europe and North America. According to Symantec, this is one of the most profitable types of cybercrime, since it can be aimed at a large number of computers at once.

The obvious question here is what happens when this type of scam is directed at businesses, where digital data is virtually priceless. This is exactly the question raised by the Alphanet case and, even though the company didn’t go public with its response to the attack (if there ever was one), it may be worthwhile to examine the options it had in the first place.

Should these companies pay?

The first condition for building a reputation as a reliable web host is to ensure maximum security of the company’s servers. Unfortunately, we cannot ignore the fact that hacking techniques develop in parallel with advances in security technology, and this alone is why almost any company can find itself stuck in a similar situation.

Now, the question that remains is: what should a compromised company do if its data has been obtained, i.e. what are the best ways to protect users in such a situation?

One may think that the easiest way to stop the fuss is simply to pay the ransom and carry on believing the stolen data will leak no further. However, this is not necessarily the best possible decision, since hackers are not very likely to offer any guarantee that the data will be deleted forever. In fact, chances are they will either sell it elsewhere or keep it for future extortion.

As reported by Symantec, only 2.9% of compromised companies actually pay the ransom in such situations. Even so, you can imagine the profit cybercriminals make, taking into account the number of hacked companies. Although the exact number of such events is unknown, Symantec’s rough estimate is that as much as $5 million is extorted through ransoms every year.

In recent weeks, several companies have been reported to be targets of cyber extortion. When it comes to Rex Mundi specifically, the Softpedia article lists other companies that have been blackmailed by this group, including Drake International and the Swiss web hosting company Hoststar.ch.

In April, the Meetup blog publicly announced that the company was the target of DDoS attacks, and that it had decided not to negotiate with the criminals, since this would probably lead to further extortion.

Unfortunately, this is a very likely outcome, which is why most companies are right when they decide to ignore the hackers. As pointed out by Scott Heiferman, Meetup’s Co-Founder and CEO, the sad truth is that despite the millions of dollars they invest in making the website and apps secure and reliable, DDoS attacks grow more sophisticated with advances in technology, making it harder for web hosts to maintain the necessary level of stability.

From this perspective, it makes more sense for a company to try to recover its servers and user data without paying the ransom. One attack is likely to lead to another, and only enhanced protective measures and a team of highly skilled security experts can ensure future stability. Therefore, security is something that the whole web community should keep paying attention to.