You know, I can’t help but chuckle. As I sit here, sipping on a cup of English breakfast tea, I’ve happened upon something rather curious. Have you ever heard of the KillSec3 lot? They’re quite popular in the realm of ransomware: cyber bogeymen, if you will. But hush now, here’s the peculiar part: they might not actually be as fearsome as they seem.
Quick bit of background, right? KillSec3 has been around for a couple of years, dipping their fingers in many a financial pie. Actually, they made quite the splash last year when they announced they’re promoting ransomware as a service. I know, right? What a time to be alive! And, of course, with increasing notoriety, their list of so-called victims has also been on the rise.
Our story truly begins on a nondescript November evening. I found myself engaged in a chat about Curenta, a company supposedly under attack by the elusive RansomHub. Curiously, it seemed that Curenta’s data was already out in the open before the supposed attack. So, I probed further, asking whether RansomHub had genuinely hacked Curenta or had simply taken advantage of an open-door policy.
We cyber sleuths are an enigma of our own, but the answer received piqued my interest. It came forth that there might be a whiff of negligence in the air. Both the folks at Curenta and another company, Nationwide Legal, had previously been warned of these exposed data gaps by independent researchers, only to turn a blind eye and, eventually, become ransomware victims.
It led me to wonder, were KillSec3 and chums hacking victims or merely exploiting data left out in the open? I began my investigation, poring over copious amounts of data, and what I found was intriguing.
In a multitude of cases, the data KillSec3 claimed to have taken hostage was suspiciously identical to data that was previously known to be openly exposed. Even after these companies popped up on KillSec3’s hit list, many continued to be vulnerable due to their bullheaded disregard for data security. So, the big question is, why would they pay a ransom for data that was already free for all?
Having a good chinwag with KillSec3 themselves, I put forth my observational queries. They were quick to claim innocence, stating that their affiliates were to blame, but the data certainly seemed to sing a different tune. But as the saying goes, “Leaving the gate open and then being surprised when the horse bolts.”
The story doesn’t stop there, my friend. I took another gander at RansomHub’s activities and noticed a similar pattern. Lo and behold, several of their claimed “victims” had previously and publicly exposed their data as well. I still have not dug through all of their breaches. However, it’s safe to say the picture was becoming crystal clear.
So, dear reader, what’s the takeaway from this sordid tale? Take heed. If a ransomware group comes knocking, double-check your garden gate. You might just find your data already roaming the streets. And remember, always have an open communications channel for friendly neighbourhood data watchdogs to alert you of any rogue data leaks.
As for our friend KillSec3, one can’t help but wonder, might they be the equivalent of the Cowardly Lion in our digital Oz? After all, it seems they’re often claiming spoils that were openly available all along.
Here’s a thought – maybe it’s time we invested just as much in strengthening our security as we do in responding to threats. After all, as my granny always says, “Prevention is better than cure,” especially in the world of cybersecurity.
by Parker Bytes