The thefts are the latest in a long line of ransom and extortion attacks perpetuated by cybercriminals over the past year. Security experts have been responding, with greater frequency, to breaches in which these criminals threaten to expose or delete proprietary information unless companies pay a ransom.
Those threats have increased with the advent of ransomware, malicious software that encrypts victims’ data and prevents them from accessing it until they pay a ransom, often hundreds or thousands of dollars’ worth of Bitcoin, a cryptocurrency. Ransomware attacks have increased in the past five years and were up 50 percent in 2016 compared with 2015, according to a data breach investigations report published last week by Verizon.
This specific breach highlights a risk posed by the weak security practices in the postproduction studios that manage the release of proprietary entertainment content. While companies like Netflix and Fox might invest in state-of-the-art cybersecurity defense technology, they must also rely on an ecosystem of postproduction vendors, ranging from mom-and-pop shops to more sophisticated outfits like Dolby and Technicolor, which may not deploy the same level of cybersecurity and threat intelligence.
The stolen content appears to be dated. In an online post, thedarkoverlord said it had obtained the first 10 episodes of Season 5 of “Orange Is the New Black”; the breach occurred before the final three episodes were released to postproduction studios. The first episode was made public on a file-sharing site on Friday, which the hacker linked to via Twitter with a threat: “Let’s try to be a bit more direct, Netflix.” The nine other episodes were released on Saturday.
In a message posted Saturday, thedarkoverlord criticized Netflix for not meeting its blackmail requests. “It didn’t have to be this way, Netflix,” the message said. “You’re going to lose a lot more money in all of this than what our modest offer was.”
The statement continued: “We’re quite ashamed to breathe the same air as you. We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves.”
The hacker threatened to release content from other studios on Saturday if its demands were not met. ABC, Fox and IFC declined to comment, and a message to National Geographic was not immediately returned.
The alias thedarkoverlord has popped up in other recent attacks, including one last January on a small charity in Muncie, Ind., the Little Red Door Cancer Services of East Central Indiana. In that case, the hackers wiped the organization’s servers and backup servers, and demanded 50 bitcoins — valued at $43,000 — to restore the data. The organization did not pay.
Last summer, the same hacker claimed to have breached at least three health care companies in the United States and a health insurer, and attempted to sell their stolen data on the dark web, on a website called TheRealDeal, for $96,000 to $490,000.