The Industrial Spy database marketplace has launched its own extortion campaign that encrypts the stolen information of victims.
The Industrial Spy trading platform sells various types of data stolen from companies, from “premium” data priced in the millions of dollars to individual files for just $2. Buyers can purchase diagrams, drawings, technologies, political and military secrets, accounting reports and client databases of competitors.
Last week, security researcher MalwareHunterTeam found a new sample of Industrial Spy malware that contains a ransom note.
“Unfortunately, we have to inform you that your company has been compromised. All your files have been encrypted and you cannot recover them without our private key. Trying to restore it without our help may lead to the complete loss of your data.
We also investigated your entire corporate network and uploaded all confidential data to our servers. If we do not receive a response from you within 3 days, we will publish your data on the Industrial Spy Market website,” the note states.
According to cybersecurity expert Michael Gillespie, Industrial Spy uses DES encryption, with the key itself encrypted using the RSA-1024 algorithm.
When encrypting files, Industrial Spy creates a ransom note called “README.htm” in every folder on the device. In addition to an email address, the note also contains a Tox ID for communicating with the attackers.
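A triage sweep for the note-dropping behaviour described above, as an added example that is not from the researchers cited here: it groups “README.htm” files by content hash and reports hashes that appear in many folders. The `min_dirs` threshold, the case-insensitive name match and the function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "README.htm"  # note file name reported in the article


def find_note_clusters(root, min_dirs=3):
    """Group README.htm files under root by SHA-256 of their content.

    Returns {digest: [directories]} for digests present in at least
    min_dirs directories (threshold is an assumption). One identical
    note repeated across folders is the pattern worth escalating; a
    single README.htm in a docs folder is not.
    """
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME.lower():  # case-insensitive: assumption
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: skip, do not abort the sweep
            by_hash[digest].append(dirpath)
    return {h: sorted(d) for h, d in by_hash.items() if len(d) >= min_dirs}


def coverage(root, dirs_with_note):
    """Fraction of all directories under root that hold the note."""
    total = sum(1 for _ in os.walk(root))
    return len(dirs_with_note) / total if total else 0.0


if __name__ == "__main__":
    # Constructed sample tree: three folders with an identical note,
    # one folder with an unrelated file of the same name.
    with tempfile.TemporaryDirectory() as root:
        for sub, body in (("a", b"note"), ("b", b"note"),
                          ("b/c", b"note"), ("docs", b"manual")):
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, NOTE_NAME), "wb") as fh:
                fh.write(body)
        for digest, dirs in find_note_clusters(root).items():
            print(digest[:12], len(dirs), f"{coverage(root, dirs):.0%}")
```
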
Earlier it was reported that the popular darknet marketplace Versus Market has closed after the discovery of an exploit that could open access to the database and reveal the IP addresses of the servers. Having discovered the vulnerability, the operators decided to disable Versus themselves in order to avoid detection.