This Week in the Darknet

Welcome to our next "This Week in the Darknet" post! Each week, we will explore an event or topic of interest that we have recently discovered via the power of DARKINT.

This week we're taking a look at the recent activity of TheDarkOverlord as the group was quite active this week, releasing information stolen from three different organizations that decided not to cooperate with the hackers.


TheDarkOverlord, who you may remember was linked to the breach of over 9 million healthcare records back in late June of this year, continues to make their mark extorting company after company.

After breaching an organization, TheDarkOverlord typically seizes proprietary data and contacts the company demanding a ransom to prevent the release of that data. TheDarkOverlord often lists these datasets for sale on TheRealDeal darknet market, which we covered in our last This Week in the Darknet, and links to Pastebin, via Twitter, to release additional information and stolen data for verification to both potential buyers and to the organization being extorted.

The latest data listings were taken from three organizations: WestPark Capital in Los Angeles, CA; Aesthetic Dentistry in New York, New York; and Peachtree Orthopaedic Clinic in Atlanta, Georgia.

On September 25, 2016, TheDarkOverlord tweeted a link to Pastebin where they stated that they had obtained data from WestPark Capital, an investment bank and securities brokerage firm. Claiming that the firm's CEO "spat in [their] face after making our signature and... handsome business proposal," the group said they were forced to act and included a link to download part of the data from MegaDownload. Because the Pastebin page was removed, the group took to Twitter again this week on October 11.

TheDarkOverlord releases information stolen from WestPark Capital via a link from Twitter to Pastebin. *OWL Cybersecurity has removed the URL to avoid sending extra traffic to the compromised data.


TheDarkOverlord targeted Aesthetic Dentistry and decided to "bring this breach to light" because of "the way [they] were treated by [their] target." After acquiring a hard copy of 3,100 patient records, the group reached out to Aesthetic Dentistry. On October 10, 2016, TheDarkOverlord took to Twitter to release the stolen information. Because the Pastebin page was removed, the group posted to Twitter again on October 12.

TheDarkOverlord releases information stolen from Aesthetic Dentistry via a link from Twitter to Pastebin. *OWL Cybersecurity has removed the URL to avoid sending extra traffic to the compromised data.


Peachtree Orthopaedic Clinic was first mentioned on Databreaches.net a few months ago, where an IT employee from the clinic confirmed to Databreaches.net that they had been investigating and working with the FBI to determine what had happened. According to their Pastebin post from this week, TheDarkOverlord says they came into possession of 543,879 medical records from Peachtree Orthopaedic Clinic. The Pastebin post also included about half a dozen healthcare records stolen from the clinic.

TheDarkOverlord releases information stolen from Peachtree Orthopaedic Clinic via a link from Twitter to Pastebin. *OWL Cybersecurity has removed the URL to avoid sending extra traffic to the compromised data.


The clinic recently posted the letter below to patients on their website:

The CEO of Peachtree Orthopaedic Clinic updates patients on the attack via a letter on the group's website.


Our team will continue to track the activities of TheDarkOverlord. We're more than happy to answer your questions about TheDarkOverlord, information security for healthcare organizations, activities on the darknet, dark web, deep web and surface web and the power of DARKINT. Our goal, in addition to providing DARKINT and darknet security solutions and services, is to educate you. Please reach out!

Until next week,
The OWL Cybersecurity Team