NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
"FBI Probes Hacker's $10 Million Ransom Demand for Stolen Virginia Medical Records"
A hacker has allegedly stolen 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse. The hacker also is claiming that all of the backup copies on their system have been destroyed. They're demanding a $10 million ransom to return the data and agree not to sell it on the open market (where, according to some experts, it may actually command a fee higher than $10 million).
Its probably a system managers worst nightmare. Not only has your system been hacked, not only has all of your companies data been stolen, not only does it consist of millions of records containing private information, but the hacker has erased the data, deleted the backups, and is holding it hostage. This is what has apparently happened to the State of Virginia's Prescription Monitoring Program. (as reported by FoxNews)

Here is the ransom note left behind:
ATTENTION VIRGINIA

I have your s[censord]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid. Now I don't know what all this [censored] is worth or who would pay for it, but I'm bettin' someone will. Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver's license #).

Now I hear tell the F[censord]ing Bunch of Idiots ain't fond of payin out, but I suggest that policy be turned right the f[censord] around. When you boys get your act together, drop me a line at hacking[deleted]@yahoo.com and we can discuss the details such as account number, etc.

Until then, have a wonderful day, I know I will ;)

The site was hacked and the ransom note left behind on April 30th, as of late on May 6th the site was still down. I guess they're having more than just a bad day. Perhaps management will start investing more in security.

Links:


Share or Bookmark this Article Using:
| furl | reddit | del.icio.us | magnoliacom | digg | newsvine | stumble it |



Posted by NIST.org on Wednesday 06 May 2009 - 19:51:28 | |printer friendly
Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2014-9767
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP ...
»CVE-2015-5714 (wordpress)
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject ...
»CVE-2015-5715
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPr ...
»CVE-2015-7557 (librsvg)
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dep ...
»CVE-2015-7558 (librsvg)
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loo ...
»CVE-2015-7989
Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows rem ...
»CVE-2015-8558
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to c ...
»CVE-2015-8834
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows r ...
»CVE-2015-8865
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP ...
»CVE-2015-8866
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isol ...
»CVE-2015-8867
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before ...
»CVE-2015-8876
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not v ...
»CVE-2015-8877
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before ...
»CVE-2015-8878
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread s ...
»CVE-2015-8879
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior fo ...


Date published: 2016-05-24T04:50:00Z
Details

»Adobe Releases Security Update for Adobe Connect
Original release date: May 23, 2016 Adobe has released a security update to address a vulnera ...
»VMware Releases Security Updates
Original release date: May 18, 2016 VMware has released security updates to address vulnerabi ...
»Cisco Releases Security Updates
Original release date: May 18, 2016 Cisco has released security updates to address vulnerabil ...
»Symantec Releases Security Update
Original release date: May 16, 2016 Symantec has released Anti-Virus Engine 20151.1.1.4 to ad ...
»Apple Releases Multiple Security Updates
Original release date: May 16, 2016 Apple has released security updates for tvOS, iOS, watchO ...
»Adobe Releases Security Updates for Flash Player
Original release date: May 12, 2016 Adobe has released security updates to address vulnerabil ...
»Google Releases Security Update for Chrome
Original release date: May 11, 2016 Google has released Chrome version 50.0.2661.102 to addre ...
»Adobe Releases Security Updates
Original release date: May 10, 2016 | Last revised: May 11, 2016 Adobe has released security ...
»Microsoft Releases May 2016 Security Bulletin
Original release date: May 10, 2016 Microsoft has released 16 updates to address vulnerabilit ...
»WordPress Releases Security Update
Original release date: May 09, 2016 WordPress 4.5.1 and prior versions are affected by two vu ...


Date published: not known
Details

»Advertisements on Blogspot sites lead to support scam
Support scam pop-ups presented through malicious advertisements sho ...
»To make Tor work better on the web, we need to be honest about it
Many websites put barriers in front of visitors who use the Tor net ...
»Paper: How It Works: Steganography Hides Malware in Image Files
A new paper by CYREN researcher Lordian Mosuela takes a close look ...
»Paying a malware ransom is bad, but telling people to never do it is unhelpful advice
The current ransomware plague is one of the worst threats the Inter ...
»VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers
In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool ...
»VB2016 programme announced, registration opened
We have announced 37 papers (and four reserve papers) that will be ...
»New tool helps ransomware victims indentify the malware family
The people behind the MalwareHunterTeam have released a tool that h ...
»It's fine for vulnerabilities to have names — we just need not to take them too seriously
The PR campaign around the Badlock vulnerability backfired when it ...
»Blog Throwback Thursday: The Number of the Beasts
The Virus Bulletin Virus Prevalence Table, which ran from 1992 unti ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Adobe Releases Security Update for Adobe Connect
[23 May 2016 01:44pm]

» VMware Releases Security Updates
[18 May 2016 03:20pm]

» Cisco Releases Security Updates
[18 May 2016 12:30pm]

» Symantec Releases Security Update
[16 May 2016 09:37pm]

» Apple Releases Multiple Security Updates
[16 May 2016 04:32pm]

» Adobe Releases Security Updates for Flash Player
[12 May 2016 11:39am]

» Google Releases Security Update for Chrome
[11 May 2016 03:59pm]

» Adobe Releases Security Updates
[10 May 2016 01:10pm]

» Microsoft Releases May 2016 Security Bulletin
[10 May 2016 01:07pm]

» WordPress Releases Security Update
[09 May 2016 11:08am]

***
US-CERT Alerts

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

» TA15-286A: Dridex P2P Malware
[13 Oct 2015 05:23am]

» TA15-240A: Controlling Outbound DNS Access
[28 Aug 2015 11:31am]

» TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
[01 Aug 2015 04:01pm]

» TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities
[14 Jul 2015 05:13pm]

***
Computerworld Security

» ''Delayed'' MacBook Pro 2016 to be thinner (says bored analyst)
[24 May 2016 05:30am]

» How data virtualization delivers on the DevOps promise
[23 May 2016 09:41am]

» A recently patched Flash Player exploit is being used in widespread attacks
[23 May 2016 09:32am]

» 100 thieves stole $12.7 million from ATMs in 2.5 hours
[23 May 2016 08:33am]

» Angry advertisers hope to seal fate of online ad fraud
[23 May 2016 07:10am]

» IDG Contributor Network: Encryption is the foundation of the new data center
[23 May 2016 04:30am]

» SWIFT asks customers to help it end a string of bank frauds
[23 May 2016 04:07am]

» Top 10 ways to retain IT security talent
[20 May 2016 01:10pm]

» Defendants demand to see FBI's secret hacking tool
[20 May 2016 10:38am]

» Worm infects unpatched Ubiquiti wireless devices
[20 May 2016 09:25am]

» Cisco patches high-severity flaws in its Web Security Appliance
[19 May 2016 12:45pm]

» Federal judge rejects Mozilla's demand to see bug in Tor browser
[19 May 2016 12:35pm]

» TeslaCrypt victims can now decrypt their files for free
[19 May 2016 09:42am]

» LinkedIn zombie hack returns for your braaains
[19 May 2016 05:34am]

» Got privacy? If you use Twitter or a smartphone, maybe not so much
[18 May 2016 03:10pm]

***
Microsoft Security Advisories

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3057154 - Update to Harden Use of DES Encryption - Version: 1.1
[08 Dec 2015 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

» 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
[30 Nov 2015 11:00am]

» 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
[10 Nov 2015 11:00am]

» 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0
[13 Oct 2015 11:00am]

» 2960358 - Update for Disabling RC4 in .NET TLS - Version: 2.0
[13 Oct 2015 11:00am]

***
WIRED

» Security News This Week: Russia’s FindFace Face-Recognition App Is a Privacy Nightmare
[21 May 2016 05:00am]

» Gay Dating Apps Promise Privacy, But Leak Your Exact Location
[20 May 2016 05:00am]

» Chelsea Manning’s Appeal Took Three Years to File. Here’s Why
[19 May 2016 05:49pm]

» New Surveillance System May Let Cops Use All of the Cameras
[19 May 2016 05:00am]

» With Allo and Duo, Google Finally Encrypts Conversations End-to-End
[18 May 2016 01:23pm]

» That Insane, $81M Bangladesh Bank Heist? Here’s What We Know
[17 May 2016 05:00am]

» Everything We Know About How the FBI Hacks People
[15 May 2016 05:00am]

» Security News This Week: It’s Tech Versus the Government, Yet Again
[14 May 2016 05:00am]

» OkCupid Study Reveals the Perils of Big-Data Science
[14 May 2016 05:00am]

» 4 Ways to Protect Against the Very Real Threat of Ransomware
[13 May 2016 11:00am]

***
Network World Security

» Security training programs don't do enough to mitigate insider risk
[24 May 2016 06:03am]

» How to avoid phishing attacks
[24 May 2016 05:48am]

» IDG Contributor Network: Government failing to fully address EMP threats to the grid, officials say
[24 May 2016 05:34am]

» IDG Contributor Network: Most online tracking is from Google-owned properties
[23 May 2016 12:13pm]

» SIEM review: Splunk, ArcSight, LogRhythm and QRadar
[09 May 2016 02:00pm]

» What users love (and hate) about 4 leading firewall solutions
[25 Apr 2016 01:48pm]

» 10 no-cost home security mobile apps worth a download
[01 Apr 2016 06:39am]

» 7 VPN services for hotspot protection
[14 Mar 2016 04:00am]

» Review: Consider VPN services for hotspot protection
[14 Mar 2016 04:00am]

» Review: 5 application security testing tools compared
[01 Mar 2016 01:29pm]

» Skyport eases the pain of deploying and securing remote servers
[29 Feb 2016 04:00am]

» Review: 8 password managers for Windows, Mac OS X, iOS, and Android
[24 Feb 2016 05:58am]

» What users love (and hate) about 4 leading identity management tools
[22 Feb 2016 06:52am]

» A recently patched Flash Player exploit is being used in widespread attacks
[23 May 2016 08:42am]

» New products of the week 5.23.16
[23 May 2016 03:54am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}