Ran$umBin tries to turn doxxing into a business. Are you ready?
April 28, 2016
A new Onion site is trying to productize blackmail: Ran$umBin, located at ransumpdfrypfnmj.onion, offers a Bitcoin bounty system that lets criminals upload private information. The information is only taken down if someone pays a bounty, with whoever provided the information getting a cut.
Think of it as an evil version of Troy Hunt's Have I been pwned? with much less data and a much more sinister bent.
Since February, the site hasn't been particularly active: it has tweeted out a handful of doxes, claimed to have received at least one payment, and gone down for maintenance.
Someone paid their ransom! ID: xQeofkUOI5WO5LOR has been removed from the site!
— RanSumBin (@RansumBin) February 17, 2016
It is, unfortunately, probably a sign of things to come: Amazons and eBays for exploited data are likely to continue to crop up, with the FBI noticing a sharp uptick in incidents. Businesses are particularly vulnerable, as attackers know that they have the resources and motivation to figure out the often complex means of payment in order to handle a ransom.
Some advice:
Don't panic. Attackers rely on fear, surprise, and confusion to manipulate their victims. Many such attacks are merely bluffs, while others can be dealt with without paying up if you keep a cool head and reach out to experts.
Hold onto your wallet. For many attackers, paying up is a sign that they can come back for seconds, thirds, etc. Think hard before even considering paying a bounty, and do some research. Two of the more popular ransomware tools, CoinVault and Bitcryptor, were completely defeated, and the keys required to undo their damage are now freely available.
Prevention is the best defense. Once your network has been compromised, you've obviously lost a lot of leverage. But that's often when organizations begin to think about security. Instead, make sure that your organization, from top to bottom, is well trained on how attackers get in, usually with a mix of targeted phishing attacks, unpatched but known security holes, and common social engineering techniques, rather than impressive but relatively rare zero days. Educate all employees on how to properly vet emails, educate the backup and recovery team about potential threats, and make sure that nobody is exempted from security education: Recent attacks often masquerade as top executives demanding special exemptions, which has sent mid-level employees scrambling with no questions asked — right into the attacker's hands.
Have you run into an attempted ransom? How did you handle it? Let me know at [email protected].