Posted on April 30, 2021 at 6:56 PM
Hackers who stole data from the Nationalist Party’s IT systems have extended the deadline for the party to meet their ransom demands by one week. However, the PN said it still won’t negotiate.
The hacking incident occurred last week before the hackers sent an ultimatum for the victims to pay a ransom of €5,000 to prevent the data from being released to the public. However, that deadline expired on Thursday.
The Avaddon ransom software deployed in the attack
The threat actors used the Avaddon ransom software to gain access to the PN servers. According to the hackers, the stolen data contains details of PN employees and information about their TV station.
However, the party responded that they are in contact with the Police Cyber Crime Unit and don’t intend to negotiate or listen to the hackers.
The party has also called in cybersecurity experts to look into the hacking incident and carry out a proper investigation.
After yesterday’s deadline passed, the hackers went on to release some details on the web. They claim that the data they have in their possession is very sensitive and that the party would not want to see it released to the public.
Stolen data is genuinely from PN
PN sources have confirmed that the stolen data is from their database and is genuine. But, at the time of writing, they remain adamant and refuse to contact the hackers.
The threat actors have reiterated that they are going to release the data if PN refuses to communicate with them or fails to meet the ransom payment deadline for the second time.
Shortly after the attack, the hackers gave PN seven days or 240 hours to “communicate and cooperate.”
On Friday, the hackers uploaded a MiB file with the title “pn.org.mtkuntatt_Leak7.”
But when the file is clicked, it leads to a “500 server error,” which means there is an issue with the file system or the server.
The hackers are not only threatening to leak the stolen data, but also to carry out DDoS attacks on the PN site. The hackers’ threat is called “triple extortion” since it involves disabling a website, data theft, and the threat of extortion.
“We stand firm by our position of not communicating with them or negotiating with criminals,” a PN spokesperson said.
Attack probably carried out by a local affiliate threat gang
While the Avaddon ransomware used in the attack was created by an international hacking syndicate, there is a high possibility that the attack could have been carried out by an affiliate rather than an international group.
Based on the investigation of the attack, the police are considering the possibility that the PN attack was perpetrated by a local affiliate of the international hacker group.
The threat actors have already released some documents from their loot, which include a spreadsheet that seems to reveal the bank details, passport, and ID card of a female from St Julians, as well as 2014 payroll details for Media.Link productions.
The released documents also include mobile numbers, bank account numbers, addresses, ID numbers, and other personal details of some of the party’s employees.
Attacks on organizations now very common
PN secretary-general Zammit Dimech stated that the party was recently informed that Avaddon has also attacked several local companies. Presently, no Maltese organization or company is listed on the Avaddon dumpsite, apart from PN.
Dimech also noted that the hackers have caused some damage, but stated that this type of attack is gradually becoming very common against individuals in organizations.
“Ultimately we need to be united against this form of terrorism and criminality that can affect us all,” he stated.
Security researchers and experts seem convinced that the threat actors behind the Avaddon ransomware created the dump site in August last year, around the time the same group went public to announce the site.
Security experts have asked companies and organizations to be proactive in the management of their security by educating employees to follow strict security measures on systems.