Acer faces huge ransomware demand, prison for sextortion and stay away from a fake Clubhouse app.
Welcome to Cyber Security Today. It’s Monday, March 22nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Computer manufacturer Acer is facing a $50 million ransomware demand, several news agencies are reporting. They are saying the gang known as REvil posted a notice last week on its web site that it has copied documents from the company and will publish them unless the ransom is paid. If the ransom isn’t paid by March 28th it will double. In a statement to media Acer said it has reported what it calls “recent abnormal situations” to the police. Last week Acer said it had net income of $263 million in 2020.
Administrators with network controllers from F5 Networks have had over a week to install the latest security patches after the discovery of serious vulnerabilities. It’s more urgent than ever to patch because threat actors are now actively trying to exploit these holes. If your firm hasn’t acted it may pay a price.
Some legal news to report:
A Russian man has been sentenced to 10 years in prison and a man from North Macedonia to five years by an American judge for their roles in a fraud and theft ring called the Infraud Organization. For eight years the gang pedaled stolen and counterfeit ID, bank accounts and credit card information. At one point it claimed to have 10,000 participants buying and selling goods. Police estimate the losses to victims was over $500 million.
A Virginia man has been sentenced to 31 years in prison for a sextortion scheme. The 36 year-old coerced at least 13 girls into sending him sexually explicit photos. He pretended to be a teenage girl on social media. When they sent photos, he’d post them to other social media sites. When the girls protested he demanded more photos if they wanted the pictures deleted.
Last August I reported that a Russian man was caught trying to bribe a Tesla employee to install malware on the company’s servers. That Russian has now pleaded guilty in a U.S. court to being part of a conspiracy to damage computers. According to court documents, the plan was to steal data from the electric car manufacturer and then demand money or the information would be published. He’ll be sentenced in May.
Meanwhile a U.S. grand jury has issued an indictment against a resident of Switzerland for allegedly being part of a group that hacked into, copied and published data from a number of unnamed companies. The indictment alleges the person operated a website that publishes stolen data. According to the Bleeping Computer news service that site has stolen data from a number of firms including Intel, AMD, Qualcomm, Nissan, Lenovo and Nintendo.
Are you eager to be invited to join a Clubhouse chat group? If so, beware of a fake Clubhouse web site. It tries to lure people into downloading a poisoned Android Clubhouse app, says security company ESET. There is no official Android Clubhouse app yet. There’s only an Apple app. The other way to know is the fake site has a button that says, ‘Get it on Google Play.’ That looks convincing. But victims who click on the button don’t go to the Google Play store. Instead the fake app gets automatically downloaded. The real Clubhouse website is called ‘joinclubhouse.com.” What the fake app does is steal login passwords for many sites.
That’s it for today. As always links to details about these stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.