At a glance.
- Dassault unit sustains ransomware attack.
- Socialarks scrapes, then leaks 400GB of social media data.
- Bitdefender releases DarkSide ransomware decryptor key.
Dassault Falcon Jet ransomware attack.
Dassault Falcon Jet, the US subsidiary of French aerospace company Dassault Aviation, has suffered a ransomware attack, likely at the hands of the infamous Ragnar Locker cybercrime group. Latest Hacking News reports that the breach was detected on December 6 and impacted individuals were informed on December 31, but it appears the hackers had access to Dassault’s systems for more than six months prior to discovery. The compromised data includes names, passport info, financial accounts, and social security numbers of employees, as well as their spouses and dependents. All impacted systems have been taken offline as Dassault conducts an investigation in collaboration with law enforcement and third-party cybersecurity experts. Dassault has not expressly stated who the threat actors might be, but Ragnar Locker has taken credit for the attack by leaking the stolen data on the dark web, and it appears they accessed the system by exploiting the Shitrix vulnerability (CVE-2019-19781).
Socialarks leaks 400GB of scraped social media data.
Researchers at Safety Detectives have discovered an unsecured ElasticSearch database owned by Socialarks, a popular Chinese social media management firm, exposing 400GB of personal data. The database contained more than 318 million records belonging to 214 million influencers and celebrities on social media platforms Facebook, Instagram, and LinkedIn. With no password protection or encryption to secure the records, they were easily accessible to anyone with the server’s IP address. Furthermore, the data appears to have been scraped from the various social media platforms, in violation of the platforms’ terms of service. This is not Socialarks’ first offense; they experienced a similar leak in August that impacted 150 million users. The compromised data included info typically found in profiles like names, phone numbers, and country location, but in some cases the data was not publicly available on the individual’s profile, which has researchers scratching their heads over how Socialarks obtained it. Socialarks secured the database on the same day they were informed of the exposure, but they have not yet responded to Safety Detectives’ inquiries.
Bitdefender releases DarkSide ransomware decryptor key.
Bitdefender, a cybersecurity firm based in Romania, has created a free decryptor key to help victims recover data encrypted by DarkSide ransomware, reports Bleeping Computer. DarkSide, which has been around only since August of last year, has already extorted millions of dollars in ransom payouts, and it experienced a massive surge between October and December, when usage more than quadrupled. Their ransomware-as-a-service business model yields ransom demands from $200,000 to $2,000,000 based on the size of the organization infiltrated. Victims who pay up might also be subject to fines for sanctions violations, as DarkSide has connections to hosting providers in Iran. The decryptor key, which is available for free download on Bitdefender’s website, allows users to automatically recover any encrypted files, but unfortunately it cannot protect victims from attackers demanding ransoms for stolen data.