This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. To find out more about the cookies we use, see our privacy policy


UPDATED – Equifax Data Being Held for Ransom for $2.6m USD in Bitcoin

Hosted on a .onion site which runs on the anonymous Tor network, hackers claim they have the Equifax data and are holding it for ransom for approximately 600 Bitcoin or $2.6m USD

Hosted on a .onion site which runs on the anonymous Tor network, hackers claim they have the Equifax data and are holding it for ransom for approximately 600 Bitcoin or $2.6m USD

Updated on 11/09/2017 10:35am GMT

It now appears the ransom demand from the alleged hackers has been taken down and claimed to be a scam from someone who hosted the ransom webpage. It’s good to see that there is a level of quality control even among web sites on the dark web!

Original Post

One of DynaRisk’s intelligence analysts has spotted that the stolen data from Equifax seems to be held for ransom by hackers via the dark web.

Hosted on a .onion site which runs on the anonymous Tor network, the hackers claim they have the Equifax data and are holding it for ransom for approximately 600 Bitcoin or $2.6m USD at the current exchange rate.The hackers claim that they will publish the data on September 15th unless they are paid.

We are two people trying to solve our lives and those of our families. We did not expect to get as much information as we did, nor do we want to affect any citizen. But we need to monetize the information as soon as possible. Every day that passes is worth less, and the limit will be on September 15th. That day all the information except the credit cards will be published. It’s a necessary damage for companies like Equifax to learn. If up to day 15 they pay the requested amount all the information and all the backups will be deleted. Our word may seem insufficient but we do not gain anything by posting personal information if it is not absolutely necessary.

While this could be a scam, Equifax and their security teams will no doubt be trying to ascertain if the claims are legitimate by contacting the alleged hackers and obtaining a sample of the data.

The hackers make it very clear who should contact them and leave an email address to get in touch. Given the company’s share price has plunged by 13%, $2.6m USD seems like pocket change to make this incident go away.

 

Related: What you need to know about the Equifax data breach

We certainly wonder if Equifax has cyber insurance in place and what the coverage on it might be. Many policies will cover the cost and facilitate the payment of the ransom, but what about the loss of reputation that has resulted in the share price plunge?

Time will tell, this story will no doubt continue to unfold over the coming weeks and months.

For anyone wondering what their general level of cyber risk is, they can get a free scan.