A hacker group has stolen a variety of corporate and personal information from the United States glue and adhesive company Gorilla Glue.
The group, which calls itself The Dark Overlord, claims to have made off with 500 GB of company data including R&D materials and access to personal email accounts of those who work at Gorilla Glue.
To prove it, the hackers sent 200 GB worth of files to Motherboard. The cache appears to contain financial documents, invoices, and presentations.
Also included in the haul were personal photos apparently of Gorilla Glue’s executives and their family members.
Motherboard has attempted to verify those documents with Gorilla Glue and other companies implicated in the documents, but it has yet to hear a response. Meanwhile, the photos didn’t yield any hits when entered into a reverse image search engine.
Unsurprisingly, The Dark Overlord is quite pleased with its handiwork. One of its members intimated as much to Motherboard in a recent online chat:
“We have everything they ever created.”
Nothing like a smug criminal to get your blood boiling.
Beyond aggravating, that cheekiness isn’t a good sign. It signals that the hacker group feels in control, that everything is going their way.
But where exactly does this hack go from here?
For one possible answer, ask WestPark Capital, a Los Angeles-based investment bank which a suffered a security incident at the hands of The Dark Overlord in September.
The extortionists ultimately decided to publish sensitive documents after the bank refused to agree to its “handsome business proposal.”
Uh-oh. Given what The Dark Overlord said about its most recent hack, that doesn’t bode well for Gorilla Glue. As quoted by Motherboard:
“We approached them with a handsome business proposition. However, there has been a moderate dispute.”
If the hacker group plans to extort Gorilla Glue, and if the information in the Dark Overlord’s possession is legitimate, there’s very little the company can do. They could do nothing and accept the fact that their reputation will probably suffer some damage in the aftermath of several data dumps. Or they could pay the ransom and signal their willingness to pay up for the return of their data, a tendency which other criminals could exploit in the future.
It’s a lose-lose situation, which is why companies need to use the incidents at Gorilla Glue and WestPark Capital as a motivation to boost their own defenses.
In particular, organizations should implement layered defenses that place sensitive data out of the reach of criminals like The Dark Overlord. They should also review their security policies when it comes to patching for vulnerabilities, and they should think about training their employees to watch out for phishing scams and other attacks.