In its latest attack on an Israeli company, Black Shadow disclosed data from a number of companies served by Israeli internet company Cyberserve, including Atraf, bus companies Kavim and Dan, and travel booking company Pegasus.
The latest attack was announced by the group on Friday, with Black Shadow claiming to have damaged the servers. Cyberserve is a web hosting company, which means it provides servers and data storage to other companies in all industries. The data captured by the hackers includes a wide variety of businesses, from travel booking company Pegasus to bus company Dan and even the Israel Children’s Museum.
Black Shadow claimed on his Telegram channel on Sunday that neither government officials nor Cyberserve contacted them about their ransom demand, so they decided to allow the public to provide the million dollar ransom they were asking. “Obviously it’s not a big problem for them,” the group said. “We know everyone is concerned about the ‘Atraf’ database. As you know, we are looking for money.
The group promised that if it got the ransom it would not disclose the information of about a million people it had gathered from Atraf. The group made no promises regarding the other data it had collected.
“You must not under any circumstances submit to the demands of the attackers,” Israel Internet Association CEO Yoram Hacohen said Sunday in response to Black Shadow’s demands.
“There is no guarantee that if the amount is paid, the information will not be released and more importantly, such surrender will result in further and increased attacks due to what they perceive to be an exploit,” he said. warned Hacohen. “Additionally, if private surfers receive any messages with demands for ransom payments, they should immediately report it to the police and take no action beyond that. “
“What needs to be done now is to refine the online security and privacy regulations and provide all support, physically and mentally, to those about whom information has come to light,” Hacohen added. .
The Agudah – The Association for LGBTQ Equality in Israel and the Israel Internet Association advised those affected by the cyberattack to make sure to change their usernames and passwords and to use passwords. going strong. The two stressed that in any incident of ransom demand or blackmail, those concerned should contact the Israel Police.
“The natural human tendency may succumb to the demands of attackers, but past experience shows that there is no guarantee that personal content will be removed. In addition, it is an opening that can lead to demands for additional ransoms, ”stressed the two organizations. They also advised those affected to notify social media platforms if their information is published on social media.
Those concerned in the lesbian, gay, bisexual and transgender community can contact a hotline set up by Agudah between 5 p.m. and 7 p.m. and between 7:30 p.m. and 10:30 p.m. Sunday to Thursday at * 2982 and on WhatsApp at 058-620-5591.
Yigal Unna, the head of the National Directorate of Cyber Security, told Army Radio on Sunday that Black Shadow appears to be a criminal group with an “anti-Israel flavor,” adding that “it could be because they are of one origin or another, but it is not fundamentally different from what is happening all over the world.
Cyber security consultant Einat Meyron said in response to the latest Black Shadow attack that “the identity of the attacking group is a little less important.
“On the side of the attacked companies – for insurance and reputation reasons, it is clear that they will want to blame the attack on Iran. In practice, it is not necessary to make it easier for attackers to refrain from exercising basic defenses, ”added Meyron.
The cybersecurity consultant further stressed that “it is necessary to prove beyond any doubt that this is an Iranian group and that it is neither trivial nor significant due to the effect of the slander. and because an Iranian attribution does not necessarily indicate that it was an Iranian mission. . ‘”
Meyron further explained that a group working for the Iranian regime is unlikely to “waste energy” on recordings from random sites, but rather aim to cause significant damage to critical infrastructure.
In December, in response to the Shirbit cyberattack, Zohar Pinhasi, CEO of cybersecurity service MonsterCloud, told the Jerusalem Post that claims that Black Shadow wanted to strategically harm Israel and was not looking for money were “a no- sense “.
“This assertion is repeated in all the sectors attacked and in all countries. The hack is almost always primarily a ransom attack and on a financial basis. This is also the case in the Shirbit attack, ”said Pinhasi, who is also a former computer security intelligence officer in the IDF.
“Pandora’s box has opened and now the company is trying to downplay the seriousness of the hack and view it as a matter of ‘national security’ to avoid damaging their reputation and be acceptable to the regulator and customers. “
Ben Zion Gad contributed to this report.