Cryptocurrency Firm Tether Refuses to Pay Ransom to HackersHackers Threatened to Leak Sensitive Data
The cryptocurrency company Tether has refused to pay a ransom of 500 bitcoins ($24 million) after hackers threatened to leak sensitive data if the company failed to pay.
In a tweet about the hack, Tether said the hackers' threat could be an attempt to undermine the company or cryptocurrencies in general.
"Today we also received a ransom demand for 500 BTC to be sent to bc1qa9f60pved3w3w0p7snpxlnh5t4uj95vxn797a7. The sender said that, unless they receive the BTC by tomorrow, they will leak documents to the public in an effort to harm the bitcoin ecosystem. We are not paying," the company tweeted.
Tether also warned its customers of a campaign that is using forged documents that purport to come from its staff. The company, however, did not clarify if the campaign using malicious documents is connected to any extortion effort.
PSA: Forged documents are circulating online purporting to be between @tether_to personnel and reps of Deltec Bank & Trust and others. The documents are bogus. 1/5— Tether (@Tether_to) February 28, 2021
Tether did not immediately respond to Information Security Media Group's request for further details on the hacking incident.
The FBI and security experts urge organizations hit by ransomware gangs to not pay ransoms because there's no guarantee hackers will fulfill their promises and the payments spur additional cybercrime.
"It's possible that the attacker’s claim here is true, but without any definitive proof, it is just as likely that it’s an attempt at market manipulation," says Chris Clements, vice president of solutions architecture at Cerberus Sentinel. "There is no guarantee that the extortionist will delete the compromised information instead of auctioning it off on the dark web or simply publicly releasing it for free."
Erich Kron, security awareness advocate at KnowBe4, says hackers often make the bogus threats of leaking data to add authenticity to their claim. "Even if the threat is found to be fake, the victim of the claim will have had to spend money and valuable resources attempting to confirm the validity of the data the attackers claim to have," Kron says. "To protect against real ransomware, organizations need to focus on data loss prevention technologies, ensure backups are tested and offline, and most importantly, avoid the infection in the first place by educating employees [about phishing]."
Surge in Ransomware
Ransomware attacks have significantly increased as more staff members have worked remotely during the COVID-19 pandemic.
A 2020 report by security firm CyberEdge found that ransomware attacks have affected about 69% of companies in North America during the pandemic. Some 55% of companies in Asia, 61% in Latin America and the Middle East and 57% in Europe have been hit by such attacks.
In February, Automatic Funds Transfer, a Seattle-based billing and payment processing provider used by organizations and government agencies across California and Washington, was hit by a ransomware group (see: 'Cuba' Ransomware Gang Hits Payment Processor, Steals Data).
In January, an extortion gang exploited an unpatched vulnerability in an aging file transfer system from California-based Accellion, affecting dozen of customers (see: Accellion: How Attackers Stole Data and Ransomed Companies).