An Israeli hosting company has suffered a politically motivated ransomware attack

November 27, 2021
CyberServe, an Israeli hosting and web development company, was reportedly hit by a ransomware attack in which the BlackShadow threat group stole its client databases and disrupted its operations. Clients of CyberServe include museums, local radio stations, and educational institutions.

Visitors to the CyberServe website were alarmed to see an error message informing them about a cybersecurity issue.

The BlackShadow threat group claimed the ransomware attack against the hosting company and demanded $1 million worth of cryptocurrency in exchange for the safety of the stolen data.

BlackShadow gave CyberServe a 48-hour deadline for the payment.

Thousands of company records, including those of a large LGBT site called “Atraf,” were almost leaked as proof that the group was serious about the threat. LGBT people living in a conservative environment will be at significant physical and mental risk if their data is leaked.

According to a message posted by the threat group via Telegram, Atraf’s team had not yet reached out to them to negotiate a deal, so the group gathered 50 popular Israeli public figures and leaked their videos instead. Many websites hosted through CyberServe are still inaccessible as of this writing, which means that the threat group is still actively taking action.

The attack has also hit several other websites, including the Pegasus travel agency, the Kan public broadcaster, the Holon Children’s Museum, and the Kavim (Dan Bus) public transportation firm. Israeli security analysts had been informing CyberServe about attack activity against the company; nonetheless, it seems that the hosting company either ignored the warnings or could not locate the security vulnerability being exploited by BlackShadow.

BlackShadow, a state-sponsored Iranian ransomware organisation, has a verified connection to the Pay2Key ransomware strain that frequently targets Israeli victims. However, BlackShadow is assumed to be not a financially motivated ransomware group but a vengeful one. It was initially designed to disrupt the interests of Israel, which makes it politically motivated.

Analysts say that the attacks on Israeli firms are cycles of the Iran-Israeli war and are meant to hurt Israel. Furthermore, the recent attack could have been Iran's retaliation for a recent gas pump attack against the country.
