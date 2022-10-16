Banks, multinationals and governments suffer from data theft by hackers in exchange for money

Cybercriminals break into company systems, steal data and then charge for returning files. The practice known as ransomware has had a victim in recent days: the Record TVone of the largest television networks in the country.

There is a suspicion that the Record TV received a ransom request of US$ 5 million (R$ 27 million) so that the “key” to the broadcaster’s contents could be recovered, informed German Fernández, expert in cybersecurity. He says he had access to conversations between BlackCat/AlphaVM (the group responsible for the hack) and the broadcaster.

According to Fernández, the attack would have started on Friday (7.Oct.2022). On Saturday, the station’s transmission system went down. the TV news Speak Brazil was taken off the air midway through the program. series episodes Everybody hates Chris (2005-2009) were shown instead. Cyber ​​crime ranged from videos of reports, paintings and soap operas content.

There is suspicion that hackers have started to leak Dice Record confidential information, such as budget spreadsheets, in the Deep Web (area of ​​the internet that cannot be accessed through common search engines such as Google). O Power 360 contacted the Record TVbut received no response until the publication of this report.

the attacks ransomware are not exclusive to broadcasters. It exposes the weaknesses of companies, which increasingly rely on high digitization of their processes.

Most companies involved in these types of cases are not popular and prefer to pay cybercriminals for ransoms. Police authorities still lack the infrastructure to act quickly in this type of crime.

the crime of ransomware was included in Penal Code Brazil in 2021. However, many criminals operate in other regions, such as Eastern Europe, which makes law enforcement difficult.

Invasions can be costly. Recently, the City Hall of Rio de Janeiro suffered a hacker attack. The website of the City Hall and the municipal secretariats were offline, as well as the issuance of invoices, the Carioca Digital Portal and public and internal service systems.

In February of this year, Lojas Americanas lost BRL 923 million in sales because of the attack (the figure appears in the results report for the 1st quarter of 2022).

On October 5, Banco de Brasília, the capital’s public bank, was also attacked. According to the institution, there was no compromise of current account data or direct financial impact to customers.

“Access information, passwords and current accounts are protected and have not been subject to undue access”, informed the bank. The institution also notified the Civil Police of the Federal District, the Central Bank of Brazil and the ANPD (National Data Protection Authority) about the crime.

CRYPTOCURRENCY AS A WEAPON

Thoran Rodrigues, data expert and CEO of BigDataCorpsaid that the popularization of digital currencies (such as Bitcoin) has helped cybercriminals monetize attacks.

Five years ago, for example, it was more common to overthrow company systems. Currently, the ransomware is of greater interest to criminals by receiving money in exchange for data.

One of the rare cases in which the value of the redemptions became public was that of JBS, one of the largest food companies in the world. In 2021, the company suffered an attack and had to pay $11 million in cryptocurrencies.

In the case of recordthe broadcaster would have to pay the ransom in Bitcoin or Monero (two cryptocurrencies).

Thiago Nicolai, criminalist specialized in Corporate Criminal Law at the DSA Lawyerssaid that, in the event of an attack, it is always recommended to notify the police authorities and seek a legal office or consultancy specializing in this type of crime.

Nicolai says that most data leaks start with human error, through download of programs or use of weak passwords. He cites that companies should strengthen data management and train teams on security standards, such as the use of 2-factor authentication.

“It is no use for the company to have a robust security system and for the employee to use the date of his birthday as a password”, stated.

