The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper.
On May 12, a day after intruders broke into the paper's IT systems, the extortionists threatened to dump "financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation, [and] source code" belonging to the publication on a dark-web site. And indeed, some files attributed to the American daily newspaper did appear on that website.
While The Inquirer confirmed Cuba (the cybercrime group, not the country) had claimed responsibility for the break-in, it insisted that any documents posted by the gang on the dark web were not swiped from the newspaper.
"We have seen no evidence to date that any data related to The Inquirer has been shared online," Inquirer Publisher and CEO Lisa Hughes said in a statement to The Register.
The extortion crew has since delisted data attributed to The Inquirer. This can mean the victim paid up or has begun negotiating a ransomware payment. Or it can indicate that the leaked files didn't actually belong to the victim, as seems possible in this case.
Emsisoft threat analyst Brett Callow said it's too early to tell why the criminals removed the listing from the extortion site.
"Was Cuba scammed by a partner? Was this an intentional ploy to keep the company in the news cycle and under pressure without needing to weaken their negotiating position by releasing any data? Or did they upload the wrong company's data? It wouldn't be the first time a ransomware ..