Ransomware group AlphV/Black Cat says it has hacked and stolen 500 gigabytes (GB) of data from the system of warehouse shopping giant PriceSmart.
The company has been listed as a victim on AlphV/Black Cat’s dark web blog again.
It was first listed on November 12.
Enterprise risk and security consultant Shiva Parasram confirmed yesterday that AlphV/Black Cat stated on its dark web blog that it plans to start attacking “pretty much everyone and everything” after the blog was seized by international law enforcement on Tuesday between 7 a.m. and 9 a.m.
The group said it took back control of its blog around noon that day.
“The group has put out a release stating that they are very upset with law enforcement–FBI and law enforcement agencies–and that they are just going to start attacking ‘pretty much everyone and everything’,” Parasram told the Express yesterday.
He said the group has also given the company 48 hours to contact them.
He said the amount of data was not listed when the site was taken back by the group.
“Under PriceSmart’s listing, they said it has 48 hours to contact them and usually that’s an indication that they need to either demand and get their payment within 48 hours or they want to start negotiations to see how much PriceSmart will pay. AlphV/Black Cat is known for asking for as much as US$8 million and more sometimes in ransom demands which is why they go after such large companies.”
He speculated that since AlphV/Black Cat has not announced what they have, certain details like the history and pictures of customers’ PriceSmart cards could be among the information.
“(Many) people have PriceSmart cards, so a history of possibly the card, a picture of the card, its details like your address and phone number can be released. (AlphV/Black Cat) could possibly have banking information, I can’t say, but the personally identifiable information (PII), it could have that.”
He added that people’s purchases and times of purchases could also be released, which he said people may not be interested in unless it is their banking information.
But hackers can do a lot with PII, he said during a phone interview.
“The thing is hackers and other groups could use the information to target individuals because what we’ve realised is that ransomware groups, even AlphV/Black Cat, have actually promised to target individuals inside corporations, not just corporations.”
He said he was not sure if this will continue or not, but he was “very concerned”.
“I am also a PriceSmart cardholder, so I am thinking at least my name, address, phone number, purchases, purchase history, the amount and details of PriceSmart’s system and its network can be released,” Parasram said.
He added, “It could be damaging for a bit, it all depends on how Trinidadians decide to take it, I feel like a Trinidadian might say ‘Well, my information is out there, once they didn’t touch my bank account’. But the implications stem from photo IDs being out there since people can use them for all types of fraud, in terms of opening and closing accounts, and verifying authenticity online. Hackers can do amazing things these days with a little bit of information from social engineering to phishing to hacking.”
Asked about safety precautions that can be taken by PriceSmart, he suggested, “They have a lot of work to do in terms of increasing security and maybe doing penetration tests and vulnerability assessments more often. It previously might have been once a year, but for some companies I do these tests maybe two times a month now. Staff training, staff awareness, deploying things like end-point detection and response systems, reviewing firewall logs, making sure firewall policies are updated, and doing internal and external threat management could be done.”
But he noted that he was not aware of what systems PriceSmart already has in place.
He added, “Honestly, sometimes, no matter what you have in place, these groups have some of the most intelligent IT professionals in the world and they have business analysts there as well...” He said it is “very worrying” that the group said it was previously able to steal 500 GB of data.
“The amount of information that came out of the Telecommunications Services of T&T was only six GB, this is 500 GB of information, so for that amount of information to have been allegedly leaked without their notice, it is very worrying about what systems they have in place,” Parasram said.
The Express contacted PriceSmart for comment via e-mail but there was no immediate response yesterday.
November attack
On November 13, the day after it was first listed as a victim of AlphV, PriceSmart said it had launched an “ongoing investigation process” with the support of third-party experts.
It stated, “PriceSmart is investigating a cybersecurity incident that affected some of the internal systems, and it has initiated an investigation process with the support of leading third-party experts. The company is aware a malicious actor has claimed to have taken data from our systems and has been working with leading cybersecurity experts to aggressively gather facts while working to ensure members’ information remains protected.”
It added, “At this time, we have no reason to believe that any personal information has been compromised. However, if the investigation concludes that this incident has impacted sensitive information, PriceSmart will contact affected organisations and individuals as appropriate.”
https://trinidadexpress.com/news/local/ ... 070ca.html