A blackmailer attempted to extort $3.5 million from the Binance cryptocurrency exchange, stating they would release confidential KYC (Know Your Customer) data. Binance has refused to pay the demands and is working with law enforcement to track down the cyber criminals.
First, there is some question whether the blackmailer even has data from Binance. Some of the sample data was not consistent with data formats held by Binance but might be from a KYC vendor they had previously used. So, there is still a question whether Binance was the victim of a data breach. I am sure in the next few weeks more details will emerge on those factors.
What interests me the most is that Binance REFUSED to be victimized and pay the extortion! That is truly AWESOME!
In today’s market, especially with Ransomware and Distributed Denial of Service (DDoS) attacks, many victims choose to pay the criminals. A great analysis by Cyentia Institute estimates a little over 40% of victims pay ransomware extortion!
Government departments are big targets now, as many have paid ransoms in the past. The cities of Riviera Beach and Lake City, Florida, collectively paid over a million dollars, and Jackson County, Georgia, paid $400k, all this year.
Some cities have resisted, such as Atlanta and Baltimore, but the industry is seeing attackers adapt to target local agencies for the chance at a big payday.
Paying ransoms is a very bad practice and usually does not resolve the issue. Criminals tend to be very greedy. If they have found a victim who is willing to pay once, they rightfully reason that the victim will pay again. I have outlined this “Greed Principle” and ransomware warnings before in many previous blogs. If you pay them, they will eventually come back to demand another payment, then another, and another. They and others like them will target you in the future, because they know you have a reputation for paying. Blackmailers do not go away. They circle like vultures, attracting other scavengers along the way.
So, I congratulate Binance on their decision not to yield to the threats of criminals, not to fund their illicit activities, and instead to showcase themselves as a beacon for others of what to do when extortionists come calling!