Canadian Miners Fall Victim To ‘Cyber-Extortion’
A number of Canadian mining companies were targeted by a cybercrime group dubbed FIN10, which managed to steal sensitive information by using spear phishing emails and then demanded ransom in the form of bitcoins, this according to a report released by cybersecurity company FireEye.
“FIN10 is known for compromising networks, stealing sensitive data, and directly engaging victim executives and board members in an attempt to extort them into paying between 100 and 500 bitcoins,” FireEye said.
The stolen information largely consisted of corporate records, private communications and customer information.
The ransom demands ranged between 100-500 bitcoins, which now equals to about $253,000 - $1,265,000.
The companies were given around ten days to make the payment and, if refused, the cyber criminals intensified their threats to release sensitive information to the public.
In case of some firms, FIN10 ended up destroying critical production systems and leaking stolen data to media, the report said.
Image Courtesy of FireEye Report: Sample Extorion Email
On top of targeting Canadian mining companies, the group also attacked casinos.
FIN10 first appeared on the authorities’ radar in 2013.
“Given the release of sensitive victim data, extortion, and destruction of systems, FireEye considers FIN10 to be one of the most disruptive threat actors observed in the region so far,” the report noted.
When dealing with such attacks, FireEye recommends to work quickly and staying focused.
“Consider all options and potentially involve forensic, legal, law enforcement and public relations experts before taking any actions or communicating with the threat actor,” the report added.