Court orders Black Shadow content to be blocked by search engines

The Tel Aviv Magistrates’ Court on Wednesday ordered internet providers and search engines to block access to Black Shadow and the content it leaked from Israeli businesses, as Israeli authorities continue to work to limit the damage caused by the ransomware attack.

The court also ordered the removal of the disclosed personal information.

Despite Telegram’s removal of Black Shadow’s channel on Tuesday, the hacker group was able to open a new channel later today and has since leaked even more data from 103FM radio, travel insurance company Trip Guaranty, the Locker Ambin furniture company, the Mor Institute for Medical Data, and the Tacy jewelry company.

Recently leaked data includes flight details, addresses, emails and dates of birth, among other details.

On Tuesday, Black Shadow disclosed the profile data of hundreds of thousands of “Atraf” users, following threats to do so if the desired ransom of $1 million was not reached.

Illustrative photo of a cyberattack. (credit: Wikimedia Commons)

The hackers broke into the servers of web hosting company Cyberserve and have since threatened to leak data from Atraf, as well as from bus company Dan and travel booking company Pegasus, which were clients of Cyberserve and whose data was stored on its servers.

The hackers had previously threatened to disclose data from the gay dating app’s database, which they obtained during their attack on Cyberserve, after the 48-hour deadline they set for a response to their demand for $1 million passed on Tuesday.

The file was blocked by the site that hosts it shortly after Black Shadow posted the link, but has since been reposted on a working link.

The latest attack was announced by the group on Friday, with Black Shadow claiming to have damaged the servers. Cyberserve is a web hosting company, which means it provides servers and data storage to other companies in all industries. The data captured by the hackers comes from a wide variety of companies, from travel and bus booking companies to the Israel Children’s Museum.

“You must not under any circumstances submit to the demands of the attackers,” Israel Internet Association CEO Yoram Hacohen said Sunday in response to Black Shadow’s demands.

“There is no guarantee that if the amount is paid, the information will not be released and, more importantly, such surrender will lead to further and increased attacks due to what is seen by them as an exploit,” he warned. “Additionally, if private surfers receive any messages with demands for ransom payments, they should immediately report it to the police and take no further action.

“What needs to be done now is to refine the online security and privacy regulations and provide all support, physical and mental, to those about whom the information has come to light,” said Hacohen.

Black Shadow is responsible for previous attacks on Israeli companies, such as auto insurance company Shirbit and finance company KLS. In the attacks, the companies involved claimed the group was Iranian, despite the claims being rejected by cybersecurity experts.

Yigal Unna, head of the National Directorate of Cyber Security, told Army Radio on Sunday that Black Shadow appears to be a criminal group with an “anti-Israel flavor,” adding that “it could be because they are from one source or another, but it is not fundamentally different from what is happening all over the world.”

“My position has been very argued for years – don’t pay or negotiate. It’s useless, it’s useless,” cybersecurity consultant Einat Meyron said Tuesday.

“The information is in any case disclosed and sold on other channels, on the darknet, where shameful lists of companies are also published which have paid the ransom when they were promised that they would not be revealed. That in itself should be enough, but when you also see the quality of the conversation the attacker has with the negotiator, it’s hard not to understand the attacker,” said Meyron.

“With an average cost of $7,000 to $9,000 per negotiator, for two or three days it is already better to transfer the money to a charity that does good. At least that way there is a chance that karma is taken into account,” added the consultant.

Meyron said on Saturday in response to Black Shadow’s latest attack that “the identity of the attacking group is a little less important.

“On the side of the attacked companies – for insurance and reputation reasons – it is clear that they will want to blame the attack on Iran,” she said. “In practice, it is not necessary to make it easier for attackers to refrain from exercising basic defenses.”

The cybersecurity consultant also stressed that “it is necessary to prove beyond any doubt that it is an Iranian group. And this is neither trivial nor significant because of the effect of the slander – and because an Iranian attribution does not necessarily indicate that it was an ‘Iranian mission.’”

Meyron further explained that a group working for the Iranian regime is unlikely to “waste energy” on recordings from random sites, but rather aim to cause significant damage to critical infrastructure.

The Attorney General’s Office Cyber Unit announced that it was continuing to act against Black Shadow and had contacted Google to block access to the hacker group’s website and that Telegram had blocked two other channels belonging to the hacker group.

According to the Cyber Unit, its director at the State Attorney’s Office, Dr. Haim Wismonsky, said the department will continue to work to reduce and disrupt the activities of cybercriminals in order, among other things, to protect the privacy and security of the state’s citizens in cyberspace.

Rosemary S. Bishop