Market research company Klue disclosed that a ransomware group compromised its systems in a 12 June data breach, with the hackers getting a hold of data from a raft of Klue customers, including several cyber security firms.
It’s been quite the wild ride since then, with Klue finally seeming to have come to an agreement with the ransomware group in question, Icarus.
“We continue to communicate with the threat actor we have been in contact with (‘Icarus’),” the company said in an update circulated to customers last week, which was seen by TechCrunch.
“Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down, and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”
Klue told its customers that Icarus’ leak site was down, and as of the time of writing, that remains the case, with the TOR Browser returning an “Onion site not found” error.
Unfortunately, Icarus has also warned Klue that a second threat actor is now threatening its customers, and may have accessed some limited data after stealing it from Icarus.
While Cyber Daily has not seen this second actor’s leak site, TechCrunch has. This new actor is alleging that Klue paid an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries”.
“TechCrunch has obtained no independent verification that Klue paid Icarus, nor could we determine why the Icarus website is down,” TechCrunch said last week.
“A Klue spokesperson did not immediately respond to a request for comment.”
This second hacker is now extorting Klue’s customers, with the company confirming that Icarus asked it to pass on a message to not make any payments to this “other party”.
A lack of trust
While the whole ride must be a wild one for Klue and its customers, going from breach to negotiation, then settlement, and now – potentially – a breach again, Gerald Beuchelt, CISO at Acronis, said that the incident illustrates the difficulty of attempting negotiations with cyber criminals.
“Everyone says ‘don’t negotiate with cyber criminals’, and that is somewhat tone-deaf advice; it’s generally not that simple,” Beuchelt told Cyber Daily.
“If a hospital is locked out of its systems, this can be a life and death situation, and if it’s data that’s compromised, it could be incredibly sensitive, and you may owe it to the people whose data it is to do what you can to keep that private.
“However, there is the simple fact that when you’re dealing with criminals, you don’t necessarily get what you pay for. If you can possibly avoid it, you’re better off not negotiating and just restoring via backups.”
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.