1y ago

PandaBuy pays ransom to hacker only to get extorted again

www.bleepingcomputer.com

LOL

Data Breaches @lemmy.zip

BrikoX @lemmy.zip

1y ago

PandaBuy pays ransom to hacker only to get extorted again

www.bleepingcomputer.com /news/security/pandabuy-pays-ransom-to-hacker-only-to-get-extorted-again/

19 comments

Never pay ransomware. Just write the data off. Learn how to take decent backups
- Not ransomware but just ransom to data exfil by a vulnerable API. But paying is still a dumb idea.
- I mean news like this is the best way to stop people paying, I hope every business that doesn't pay sends the hackers this article and says this is why
- How is someone getting control of their data by paying a ransom?
  The opposing actor still has your data, so it doesn't really matter how much you pay, you'll never be able to mitigate that security issue, surely?
Are ransom attacks on the rise in recent months? Any sites that track these sort of things?
- I’m also curious. A quick search came up with these. Not sure which one is most reliable/updated
  https://www.comparitech.com/blog/information-security/global-ransomware-attacks/
  https://www.comparitech.com/ransomware-attack-map/
  https://cissm.liquifiedapps.com/
  https://cybermap.kaspersky.com/special/ransomware
- Anecdotally, the Seattle Public Library is currently recovering from a ransomware attack and still has major systems offline. Of all targets, a public library is a pretty major low.
- Closest I can think of would be haveibeenpwned.
- Shameless promo !databreaches@lemmy.zip
Isn't the next step to take the same amount of money and offer it to any bounty hunter that brings back the heads of the hackers (with sufficient evidence to link the heads to the attack)?
Maybe I watch the wrong movies.
Wasn’t panda buy also recently targeted by a joint investigation from Nike and the Chinese government which led to the seizure of many warehouses for counterfeited items?
exposing customer names, phone numbers, email addresses, login IP addresses, home addresses, and order details.
So, nothing important? You know what else has names, phone numbers, home addresses, etc? Publicly available databases. It's called a phone book. IP addresses? Please. It's not static anyway and it might just lead to a VPN.
- To prove your point, please dox yourself.
  I'd be interested in your full name, address, your phone numbers, your email adresses, birth date and credit information (which is probably in the order details)
- It's what they can do with all of it together. Particularly about calling you and pretending to be a real company, phishing you, because if they called your phone and confirmed your email, name, and home address and order details with you, then it's likely many people would believe them.

19 comments