
“thedarkoverlord” Targets Finance in Next Wave of Extortion Attacks


Key Findings

  • On September 25, 2016, “thedarkoverlord,” a notorious threat actor behind the recent extortion attempts against several healthcare organizations, gained access to highly sensitive information from the WestPark Capital investment firm.
  • The CEO of WestPark Capital refused the actor’s blackmail demands, and as a result, thedarkoverlord released part of the information to the public.
  • Flashpoint identified 13 affected organizations across multiple industries.
  • Based on publicly available information, at least 35 organizations could be affected by the breach.


Background

Based on a statement released by the actor “thedarkoverlord” (also known as “TheDarkOverlord”) via the actor’s Pastebin site, Richard Rappaport, CEO of Los Angeles-based WestPark Capital, a full-service investment firm, became thedarkoverlord’s most recent extortion victim and is refusing to pay off the criminal.

In an attempt to “persuade” the non-complying CEO to pay an undisclosed ransom payment, thedarkoverlord released a small batch of files pertaining to a variety of the firm’s current and previous business partners. thedarkoverlord’s statement includes the following explanation:

we are releasing a select few documents belonging to WestPark Capital located in the Los Angeles, California, United States area. WestPark Capital is a “full service investment banking and securities brokerage firm” whose CEO, [redacted] spat in our face after making our signature and quite frankly, handsome, business proposal and so our hand has been forced.

Image 1: The sample of compromised information (sensitive information redacted).

Analysis of the leaked files has identified highly sensitive information pertinent to organizations across the financial, energy, legal, media, pharmaceuticals, and technology verticals:

  • Business Development meeting agenda
  • Private offerings of Securities
  • Non-disclosure/Non-circumvention agreement
  • Share Buyback Agreement (agent)
  • Background and reputation investigation of the company’s directors
  • Securities Sale Escrow Agreement
  • Background and reputation investigation of the company’s directors
  • Recommendation letter from Private Bank
  • Non-disclosure/Non-circumvention agreement
  • Underwriter Invitation Wire
  • Legal paperwork
  • Corporate Stock Transfer Rights and Bank Statement
  • Executive Investment Summary
  • Private Placement Memorandum


Further analysis of publicly available information identified at least 35 organizations that may have been exposed by the breach.

Assessment

This attack represents a significant shift from thedarkoverlord’s historical tendency to target healthcare organizations. At the time of writing, it is unclear whether WestPark Capital has complied with the criminal’s demands in order to protect its remaining clients; however, Flashpoint will continue to closely monitor the situation and will promptly issue updates regarding any new developments.

About the author: Andrei Barysevich

Andrei Barysevich formerly was the Director of Eastern European Research and Analysis at Flashpoint. He is a native Russian speaker and has previously worked as an independent e-commerce fraud researcher, as well as a private consultant for the FBI's New York Cyber Crime field office. For the past 13 years, Andrei has been personally involved in multiple high-profile international cases resulting in successful convictions of members of crime syndicates operating global re-shipping, money laundering, and bank fraud schemes.