LifeLock.com Promo Code

Virginia DHP Gets Their Data Held Hostage

May 5, 2009 – 3:19 pm

The Virginia Department of Health Professionals supposedly had 8,257,378 patient records and a total of 35,548,087 prescriptions stolen from their database. The thief is holding the information ransom for $10 million. This kind of extortion is not a new concept, just last October Express Scripts had their information stolen and held ransom for a similar amount.

The best part about this extortion case is the ransom note sounds like the script of Burn After Reading:

“ATTENTION VIRGINIA

I have your sh!t ! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh

For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid. Now I don’t know what all this sh!t is worth or who would pay for it, but I’m bettin’ someone will. Hell, if I can’t move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver’s license #).

Now I hear tell the f@%king Bunch of Idiots ain’t fond of payin out, but I suggest that policy be turned right the f@ck around. When you boys get your act together, drop me a line at hackingforprofit@yahoo.com and we can discuss the details such as account number, etc.

Until then, have a wonderful day, I know I will ”

This guy is a regular comedian. So it seems that he is good at two things hacking and being funny. Apparently being a standup comic wasn’t paying the bills so he moved on to extortion.

The DHP has not commented on situation, but their website has been down for a while so it seems that there is some validity to this data breach.

Data breaches like these where the criminal encrypts a company’s data and then sells them the key have been done before and now has it’s own name: cryptoviral extortion. Most companies don’t pay the ransom because there is no way of knowing the criminal won’t sell the data after he as received the ransom.

Tags: cryptoviral extortion., extortion, Life Lock, LifeLock, lifelock promotion, LifeLock Promotion Code, Virginia DHP