The Tsar Team hacking group is demanding ransom for photos of clients of a Lithuanian cosmetic surgery clinic. The hackers broke into the clinic’s servers and stole 25,000 pictures, some of them nude shots of patients, alongside other personal data including passport copies. They are demanding bitcoin ransoms from clients in 60 countries – including 1,500 in the UK – ranging from €50 to €2,000, depending on the sensitivity of the stolen data.
Tsar Team is one of the pseudonyms used by notorious Russian hackers Fancy Bear – although in this case it could merely be an independent hacker who has commandeered the name to create further confusion. Before approaching patients individually, the hacker/s attempted to sell the entire database for 300 bitcoin (ca £0.5m) but the clinic refused to pay. The asking price has since dropped to 50 bitcoin (ca £100k).
The case highlights Lithuania’s cybersecurity shortcomings and more generally illustrates how awareness and adoption of basic cybersecurity infrastructure in certain regions of the world still leave much to be desired. In a world where business is conducted across borders, this creates risks for organisations and individuals regardless of their residence.