An iPhone hacking team has released a new jailbreak tool for almost every iPhone, including the most recent models, by using the same vulnerability that Apple last month said was under active attack by hackers.
The Unc0ver team released its latest jailbreak this weekend, and says it works on iOS 11 (iPhone 5s and later) to iOS 14.3, which Apple released in December.
Jailbreaking is a cat-and-mouse game between security researchers who want greater control and customizations over their phones, and Apple, which says it locks down iPhones for security. Hackers build jailbreak tools by finding and exploiting vulnerabilities that can lift some of the restrictions that Apple puts in place, like installing apps outside of its app store, which most Android users are already used to.
In a tweet, the jailbreak group said it used its “own exploit” for CVE-2021-1782, a kernel vulnerability that Apple said was one of three flaws that “may have been actively exploited” by hackers. By targeting the kernel, the hackers are able to get deep hooks into the underlying operating system.
We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability.
Apple fixed the vulnerability in iOS 14.4, released last month, which also prevents the jailbreak from working on later versions. It was a rare admission that the iPhone was under active attack by hackers, but the company declined to say who the hackers were and who they were targeting. Apple also granted anonymity to the researcher who submitted the bug.
The group’s last jailbreak, which supported iPhones running iOS 11 to iOS 13.5, was fixed in a matter of days last year. Apple works quickly to understand and fix the vulnerabilities found by jailbreak groups, since these same vulnerabilities can be exploited maliciously.
Security experts generally advise iPhone users against jailbreaking because it makes the device more vulnerable to attacks. And while keeping your phone up to date may introduce security fixes that remove the jailbreak, it’s one of the best ways of keeping your device secure.
Early Stage is the premiere ‘how-to’ event for startup entrepreneurs and investors. You’ll hear first-hand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company-building: Fundraising, recruiting, sales, legal, PR, marketing and brand building. Each session also has audience participation built-in – there’s ample time included in each for audience questions and discussion.
Remote work has become the norm for many businesses in the last year, and today a startup that has built a cybersecurity platform to help manage all the devices connecting to organizations’ wide-ranging networks — while also providing a way for those organizations to take advantage of all the best that the quite fragmented security market has to offer — is announcing a major round of funding and a big boost to its valuation after seeing its annual recurring revenues grow ten-fold over 15 months.
Axonius, which lets organizations manage and track computing-based assets that are connecting to their networks — and then plug that data into some 300 different cybersecurity tools to analyse it — has closed a round of $100 million, a Series D that values the company at over $1 billion ($1.2 billion, to be exact).
“We like to call ourselves the Toyota Camry of cybersecurity,” Axonius co-founder and CEO Dean Sysman told me in an interview last year. “It’s nothing exotic in a world of cutting-edge AI and advanced tech. However it’s a fundamental thing that people are struggling with, and it is what everyone needs. Just like the Camry.” It will be using the funding to continue scaling the company, it said, amid surging demand, with ARR growing to $10 million last year.
This latest round — led by Stripes, with past investors Bessemer Venture Partners (BVP), OpenView, Lightspeed, and Vertex also participating — represents a huge jump for the startup.
Not only is this the company’s biggest round to date, but last year’s $58 million Series C — which closed just as the Covid-19 pandemic was kicking off and remote working, to better enforce social distancing, was starting to take off with it — valued the company at just over $302 million, according to PitchBook data. Axonius has now raised around $195 million in funding.
Last week BVP announced a new pair of funds totaling $3.3 billion, with one dedicated to later stage growth rounds: this indicates that this money is already getting put to work. Amit Karp, the BVP partner who sits on Axonius’ board, describes the startup as one of the “fastest-growing companies in BVP history.”
When I last covered Axonius, one of the details that really struck me is that its platform is especially useful in today’s market, not just because of its focus on identifying devices on networks may well — and today genuinely do — extend outside of a traditional “office”, but also because of how it views the cybersecurity industry.
It’s a very fragmented market today, with hundreds of companies all providing useful tools and techniques to safeguard against one threat or another. Axonius essentially accepts that fragmentation and works within it, and it has its job cut out for it. Last year when I covered the company’s funding, it integrated with and ran network assets through 100 different cybersecurity tools; now that number is 300.
The crux of what Axonius provides starts with a very basic but critical issue, which is being able to identify how many devices are actually on a network, where they are, and what they do there. The idea for the company came when Dean Sysman, the CEO who co-founded Axonius with Ofri Shur and Avidor Bartov, was previously working at another firm, the Integrity Project (now a part of Mellanox).
“Every CIO I met I would ask, do you know how many devices you have on your network? And the answer was either ‘I don’t know,’ or big range, which is just another way of saying, ‘I don’t know,’” Sysman told me last year. “It’s not because they’re not doing their jobs but because it’s just a tough problem.”
He said part of the reason is because IP addresses are not precise enough, and de-duplicating and correlating numbers is a gargantuan task, especially in the current climate of people using not just a multitude of work-provided devices, but a number of their own.
Axonius’s algorithms — “a deterministic algorithm that knows and builds a unique set of identifiers that can be based on anything, including timestamp, or cloud information. We try to use every piece of data we can,” said Sysman — are built to bypass some of this.
The resulting information then can used across a number of other pieces of security software to search for inconsistencies in use (bringing in the behavioural aspect of cybersecurity) or other indicators of malicious activity.
The fact of that platform play — and how it can grow with both the range of devices that are added, as well as technology built to counteract increasingly sophisticated threats — is what attracted investors.
“It’s always exciting to invest in fast-growing, innovative, category-creating companies, but what Axonius has accomplished in such a short time is remarkable,” said Stripes founding partner Ken Fox in a statement. “With its commitment to solving a fundamental challenge with a simple, powerful platform that collects and correlates data from hundreds of products its customers already use, Axonius has built one of the most beloved products in security. We look forward to partnering with the Axonius team as they continue to invest in technical innovation and grow to meet global demand in 2021 and beyond.” Fox will join the Axonius board of directors with this round.
It seems that some of this news leaked out over the weekend. A spokesperson has confirmed it all to us but the “official” announcement will be coming out later today.
Jamaica’s JamCOVID app and website were taken offline late on Thursday following a third security lapse, which exposed quarantine orders on more than half a million travelers to the island.
JamCOVID was set up last year to help the government process travelers arriving on the island. Quarantine orders are issued by the Jamaican Ministry of Health, and instruct travelers to stay in their accommodation for two weeks to prevent the spread of COVID-19.
These orders contain the traveler’s name and the address of where they are ordered to stay.
But a security researcher told TechCrunch that the quarantine orders were publicly accessible from the JamCOVID website but were not protected with a password. Although the files were accessible from anyone’s web browser, the researcher asked not to be named for fear of legal repercussions from the Jamaican government.
More than 500,000 quarantine orders were exposed, some dating back to March 2020.
TechCrunch shared these details with the Jamaica Cleaner, which was first to report on the security lapse after the news outlet verified the data spillage with local cybersecurity experts.
Amber Group, which was contracted to build and maintain the JamCOVID coronavirus dashboard and immigration service, pulled the service offline a short time after TechCrunch and the Jamaica Gleaner contacted the company on Thursday evening. JamCOVID’s website was replaced with a holding page that said the site was “under maintenance.” At the time of publication, the site had returned.
Amber Group’s chief executive Dushyant Savadia did not return a request for comment.
Matthew Samuda, a minister in Jamaica’s Ministry of National Security, also did not respond to a request for comment or our questions — including if the Jamaican government plans to continue its contract or relationship with Amber Group.
This is the third security lapse involving JamCOVID in the past two weeks.
Last week, Amber Group secured an exposed cloud storage server hosted on Amazon Web Services that was left open and public, despite containing more than 70,000 negative COVID-19 lab results and over 425,000 immigration documents authorizing travel to the island. Savadia said in response that there were “no further vulnerabilities” with the app. Days later, the company fixed a second security lapse after leaving a file containing private keys and passwords for the service on the JamCOVID server.
The Jamaican government has repeatedly defended Amber Group, which says it provided the JamCOVID technology to the government “for free.” Amber Group’s Savadia has previously been quoted as saying that the company built the service in “three days.”
In a statement on Thursday, Jamaica’s prime minister Andrew Holness said JamCOVID “continues to be a critical element” of the country’s immigration process and that the government was “accelerating” to migrate the JamCOVID database — though specifics were not given.
Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies.
Spokespeople for the agencies did not immediately respond to a request for comment, but did not deny the breach in remarks to the Post.
It’s believed NASA and the FAA are the two remaining unnamed agencies of the nine government agencies confirmed to have been breached by the attack. The other seven include the Departments of Commerce, Energy, Homeland Security, Justice, and State, the Treasury, and the National Institutes of Health, though it’s not believed the attackers breached their classified networks.
FireEye, Microsoft, and Malwarebytes were among a number of cybersecurity companies also breached as part of the attacks.
The Biden administration is reportedly preparing sanctions against Russia, in large part because of the hacking campaign, the Post also reported.
The attacks were discovered last year after FireEye raised the alarm about the hacking campaign after its own network was breached. Each victim was a customer of the U.S. software firm SolarWinds, whose network management tools are used across the federal government and Fortune 500 companies. The hackers broke into SolarWinds’ network, planted a backdoor in its software, and pushed the backdoor to customer networks with a tainted software update.
It wasn’t the only way in. The hackers are also said to have targeted other companies by breaking into other devices and appliances on their victims’ networks, as well as targeting Microsoft vendors to breach other customers’ networks.
Last week, Anne Neuberger, the former NSA cybersecurity director who last month was elevated to the White House’s National Security Council to serve as the deputy national security adviser for cyber and emerging technology, said that the attack took “months to plan and execute,” and will “take us some time to uncover this layer by layer.”
Amber Group has fixed a second security lapse that exposed private keys and passwords for the government’s JamCOVID app and website.
A security researcher told TechCrunch on Sunday that the Amber Group left a file on the JamCOVID website by mistake, which contained passwords that would have granted access to the backend systems, storage, and databases running the JamCOVID site and app. The researcher asked not to be named for fears of legal repercussions from the Jamaican government.
This file, known as an environment variables (.env) file, is often used to store private keys and passwords for third-party services that are necessary for cloud applications to run. But these files are sometimes inadvertently exposed or uploaded by mistake, but can be abused to gain access to data or services that the cloud application relies on if found by a malicious actor.
The exposed environmental variables file was found in an open directory on the JamCOVID website. Although the JamCOVID domain appears to be on the Ministry of Health’s website, Amber Group controls and maintains the JamCOVID dashboard, app, and website.
The exposed file contained secret credentials for the Amazon Web Services databases and storage servers for JamCOVID. The file also contained a username and password to the SMS gateway used by JamCOVID to send text messages, and credentials for its email-sending server. (TechCrunch did not test or use any of the passwords or keys as doing so would be unlawful.)
A portion of the exposed credentials found on the JamCOVID website, controlled and maintained by Amber Group. (Image: TechCrunch)
TechCrunch contacted Amber Group’s chief executive Dushyant Savadia to alert the company to the security lapse, who pulled the exposed file offline a short time later. We also asked Savadia, who did not comment, to revoke and replace the keys.
Matthew Samuda, a minister in Jamaica’s Ministry of National Security, did not respond to a request for comment or our questions — including if the Jamaican government plans to continue its contract or relationship with Amber Group, and what — if any — security requirements were agreed upon by both the Amber Group and the Jamaican government for the JamCOVID app and website?
Escala’s chief executive Alejandro Planas declined to say if his company was aware of the second security lapse prior to its comments last week, saying only that his company was under a non-disclosure agreement and “is not able to provide any additional information.”
This latest security incident comes less than a week after Amber Group secured a passwordless cloud server hosting immigration records and negative COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year. Travelers visiting the island are required to upload their COVID-19 test results in order to obtain a travel authorization before their flights. Many of the victims whose information was exposed on the server are Americans.
One news report recently quoted Amber’s Savadia as saying that the company developed JamCOVID19 “within three days.”
Neither the Amber Group nor the Jamaican government have commented to TechCrunch, but Samada told local radio that it has launched a criminal investigation into the security lapse.
Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more.
As live audio chat app Clubhouse ascends in popularity around the world, concerns about its data practices also grow.
The app is currently only available on iOS, so some developers set out in a race to create Android, Windows and Mac versions of the service. While these endeavors may not be ill-intentioned, the fact that it takes programmers little effort to reverse engineer and fork Clubhouse — that is, when developers create new software based on its original code — is sounding an alarm about the app’s security.
The common goal of these unofficial apps, as of now, is to broadcast Clubhouse audio feeds in real-time to users who cannot access the app otherwise because they don’t have an iPhone. One such effort is called Open Clubhouse, which describes itself as a “third-party web application based on flask to play Clubhouse audio.” The developer confirmed to TechCrunch that Clubhouse blocked its service five days after its launch without providing an explanation.
“[Clubhouse] asks a lot of information from users, analyzes those data and even abuses them. Meanwhile, it restricts how people use the app and fails to give them the rights they deserve. To me, this constitutes monopoly or exploitation,” said Open Clubhouse’s developer nicknamed AiX.
Clubhouse cannot be immediately reached for comment on this story.
AiX wrote the program “for fun” and wanted it to broaden Clubhouse’s access to more people. Another similar effort came from a developer named Zhuowei Zhang, who created Hipster House to let those without an invite browse rooms and users, and those with an invite to join rooms as a listener though they can’t speak — Clubhouse is invite-only at the moment. Zhang stopped developing the project, however, after noticing a better alternative.
These third-party services, despite their innocuous intentions, can be exploited for surveillance purposes, as Jane Manchun Wong, a researcher known for uncovering upcoming features in popular apps through reverse engineering, noted in a tweet.
“Even if the intent of that webpage is to bring Clubhouse to non-iOS users, without a safeguard, it could be abused,” said Wong, referring to a website rerouting audio data from Clubhouse’s public rooms.
Clubhouse lets people create public chat rooms, which are available to any user who joins before a room reaches its maximum capacity, and private rooms, which are only accessible to room hosts and users authorized by the hosts.
But not all users are aware of the open nature of Clubhouse’s public rooms. During its brief window of availability in China, the app was flooded with mainland Chinese debating politically sensitive issues from Taiwan to Xinjiang, which are heavily censored in the Chinese cybserspace. Some vigilant Chinese users speculated the possibility of being questioned by the police for delivering sensitive remarks. While no such event has been publicly reported, the Chinese authorities have banned the app since February 8.
Clubhouse’s design is by nature at odds with the state of communication it aims to achieve. The app encourages people to use their real identity — registration requires a phone number and an existing user’s invite. Inside a room, everyone can see who else is there. This setup instills trust and comfort in users when they speak as if speaking at a networking event.
But the third-party apps that are able to extract Clubhouse’s audio feeds show that the app isn’t even semi-public: It’s public.
More troublesome is that users can “ghost listen,” as developer Zerforschung found. That is, users can hear a room’s conversation without having their profile displayed to the room participants. Eavesdropping is made possible by establishing communication directly with Agora, a service provider employed by Clubhouse. As multiple security researchers found, Clubhouse relies on Agora’s real-time audio communication technology. Sources have also confirmed the partnership with TechCrunch.
Some technical explanation is needed here. When a user joins a chatroom on Clubhouse, it makes a request to Agora’s infrastructure, as the Stanford Internet Observatory discovered. To make the request, the user’s phone contacts Clubhouse’s application programming interface (API), which then creates “tokens”, the basic building block in programming that authenticates an action, to establish a communication pathway for the app’s audio traffic.
Now, the problem is there can be a disconnect between Clubhouse and Agora, allowing the Clubhouse end, which manages user profiles, to be inactive while the Agora end, which transmits audio data, remains active, as technology analyst Daniel Sinclair noted. That’s why users can continue to eavesdrop on a room without having their profile displayed to the room’s participants.
The Agora partnership has sparked other forms of worries. The company, which operates mainly from the U.S. and China, noted in its IPO prospectus that its data may be subject to China’s cybersecurity law, which requires network operators in China to assist police investigations. That possibility, as the Stanford Internet Observatory points out, is contingent on whether Clubhouse stores its data in China.
While the Clubhouse API is banned in China, the Agora API appears unblocked. Tests by TechCrunch find that users currently need a VPN to join a room, an action managed by Clubhouse, but can listen to the room conversation, which is facilitated by Agora, with the VPN off. What’s the safest way for China-based users to access the app, given the official attitude is that it should not exist? It’s also worth noting that the app was not available on the Chinese App Store even before its ban, and Chinese users had downloaded the app through workarounds.
The Clubhouse team may be overwhelmed by data questions in the past few days, but these early observations from researchers and hackers may urge it to fix its vulnerabilities sooner, paving its way to grow beyond its several million loyal users and $1 billion valuation mark.
SailPoint, an identity management company that went public in 2017, announced it was going to be acquiring Intello today, an early stage SaaS management startup. The two companies did not share the purchase price.
SailPoint believes that by helping its customers locate all of the SaaS tools being used inside a company, it can help IT make the company safer. Part of the problem is that it’s so easy for employees to deploy SaaS tools without IT’s knowledge, and Intello gives them more visibility and control.
In fact, the term ‘shadow IT’ developed over the last decade to describe this ability to deploy software outside of the purview of IT pros. With a tool like Intello, they can now find all of the SaaS tools and point the employees to sanctioned ones, while shutting down services the security pros might not want folks using.
Grady Summers, EVP of product at SailPoint says that this problem has become even more pronounced during the pandemic as many companies have gone remote, making it even more challenging for IT to understand what SaaS tools employees might be using.
“This has led to a sharp rise in ungoverned SaaS sprawl and unprotected data that is being stored and shared within these apps. With little to no visibility into what shadow access exists within their organization, IT teams are further challenged to protect from the cyber risks that have increased over the past year,” Summers explained in a statement. He believes that with Intello in the fold, it will help root out that unsanctioned usage and make companies safer, while also helping them understand their SaaS spend better.
Intello has always seen itself as a way to increase security and compliance and has partnered in the past with other identity management tools like Okta and Onelogin. The company was founded in 2017 and raised $5.8 million according to Crunchbase data. That included a $2.5 million extended seed in May 2019.
Last month, Facebook-owned WhatsApp announced it would delay enforcement of its new privacy terms, following a backlash from confused users which later led to a legal challenge in India and various regulatory investigations. WhatsApp users had misinterpreted the privacy updates as an indication that the app would begin sharing more data — including their private messages — with Facebook. Today, the company is sharing the next steps it’s taking to try to rectify the issue and clarify that’s not the case.
The mishandling of the privacy update on WhatsApp’s part led to widespread confusion and misinformation. In reality, WhatsApp had been sharing some information about its users with Facebook since 2016, following its acquisition by Facebook.
But the backlash is a solid indication of much user trust Facebook has since squandered. People immediately suspected the worst, and millions fled to alternative messaging apps, like Signal and Telegram, as a result.
Following the outcry, WhatsApp attempted to explain that the privacy update was actually focused on optional business features on the app, which allow business to see the content of messages between it and the end user, and give the businesses permission to use that information for its own marketing purposes, including advertising on Facebook. WhatsApp also said it labels conversations with businesses that are using hosting services from Facebook to manage their chats with customers, so users were aware.
Image Credits: WhatsApp
In the weeks since the debacle, WhatsApp says it spent time gathering user feedback and listening to concerns from people in various countries. The company found that users wanted assurance that WhatsApp was not reading their private messages or listening to their conversations, and that their communications were end-to-end encrypted. Users also said they wanted to know that WhatsApp wasn’t keeping logs of who they were messaging or sharing contact lists with Facebook.
These latter concerns seem valid, given that Facebook recently made its messaging systems across Facebook, Messenger and Instagram interoperable. One has to wonder when similar integrations will make their way to WhatsApp.
Today, WhatsApp says it will roll out new communications to users about the privacy update, which follows the Status update it offered back in January aimed at clarifying points of confusion. (See below).
Image Credits: WhatsApp
In a few weeks, WhatsApp will begin to roll out a small, in-app banner that will ask users to re-review the privacy policies — a change the company said users have shown to prefer over the pop-up, full-screen alert it displayed before.
When users click on “to review,” they’ll be shown a deeper summary of the changes, including added details about how WhatsApp works with Facebook. The changes stress that WhatsApp’s update don’t impact the privacy of users’ conversations, and reiterate the information about the optional business features.
Eventually, WhatsApp will begin to remind users to review and accept its updates to keep using WhatsApp. According to its prior announcement, it won’t be enforcing the new policy until May 15.
Image Credits: WhatsApp
Users will still need to be aware that their communications with businesses are not as secure as their private messages. This impacts a growing number of WhatsApp users, 175 million of which now communicate with businesses on the app, WhatsApp said in October.
In today’s blog post about the changes, WhatsApp also took a big swipe at rival messaging apps that used the confusion over the privacy update to draw in WhatsApp’s fleeing users by touting their own app’s privacy.
“We’ve seen some of our competitors try to get away with claiming they can’t see people’s messages – if an app doesn’t offer end-to-end encryption by default that means they can read your messages,” WhatsApp’s blog post read.
This seems to be a comment directed specifically towards Telegram, which often touts its “heavily encrypted” messaging app as more private alternative. But Telegram doesn’t offer end-to-end encryption by default, as apps like WhatsApp and Signal do. It uses “transport layer” encryption that protects the connection from the user to the server, a Wired article citing cybersecurity professionals explained in January. When users want an end-to-end encrypted experience for their one-on-one chats, they can enable the “secret chats” feature instead. (And this feature isn’t even available for group chats.)
In addition, WhatsApp fought back against the characterization that it’s somehow less safe because it has some limited data on users.
“Other apps say they’re better because they know even less information than WhatsApp. We believe people are looking for apps to be both reliable and safe, even if that requires WhatsApp having some limited data,” the post read. “We strive to be thoughtful on the decisions we make and we’ll continue to develop new ways of meeting these responsibilities with less information, not more,” it noted.
In Humio, CrowdStrike gets a company that will provide it with the ability to collect unlimited logging information. Most companies have to pick and choose what to log and how long to keep it, but with Humio, they don’t have to make these choices with customers processing multiple terabytes of data every single day.
“Humio had become the data lake for these enterprises enabling searches for longer periods of time and from more data sources allowing them to understand their entire environment, prepare for the unknown, proactively prevent issues, recover quickly from incidents, and get to the root cause,” she wrote.
That means with Humio in the fold, CrowdStrike can use this massive amount of data to help deal with threats and attacks in real time as they are happening, rather than reacting to them and trying to figure out what happened later, a point by the way that SentinelOne also made when it purchased Scalyr.
“The combination of real-time analytics and smart filtering built into CrowdStrike’s proprietary Threat Graph and Humio’s blazing-fast log management and index-free data ingestion dramatically accelerates our [eXtended Detection and Response (XDR)] capabilities beyond anything the market has seen to date,” CrowdStrike CEO and co-founder George Kurtz said in a statement.
While two acquisitions don’t necessarily make a trend, it’s clear that security platform players are suddenly seeing the value of being able to process the large amounts of information found in logs, and they are willing to put up some cash to get that capability. It will be interesting to see if any other security companies react with a similar move in the coming months.
Humio was founded in 2016 and raised just over $31 million, according to Pitchbook Data. Its most recent funding round came in March 2020, a $20 million Series B led by Dell Technologies Capital. It would appear to be a decent exit for the startup.
CrowdStrike was founded in 2011 and raised over $480 million along the way before going public in 2019. The deal is expected to close in the first quarter, and is subject to typical regulatory oversight.
California’s Department of Motor Vehicles is warning of a potential data breach after a contractor was hit by ransomware.
The Seattle-based Automatic Funds Transfer Services (AFTS), which the DMV said it has used for verifying changes of address with the national database since 2019, was hit by an unspecified strain of ransomware earlier this month.
In a statement sent by email, the DMV said that the attack may have compromised “the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers.” But the DMV said AFTS does not have access to customers’ Social Security numbers, dates of birth, voter registration, immigration status or driver’s license information, and was not compromised.
The DMV said it has since stopped all data transfers to AFTS and has since initiated an emergency contract to prevent any downtime.
AFTS is used across the United States to process payments, invoices and verify addresses. Several municipalities have already confirmed that they are affected by the data breach, suggesting it may not be limited to California’s DMV. But it’s not known what kind of ransomware hit AFTS. Ransomware typically encrypts a company’s files and will unlock them in exchange for a ransom. But since many companies have backups, some ransomware groups threaten to publish the stolen files online unless the ransom is paid.
AFTS could not be immediately reached for comment. Its website is offline, with a short message: “The website for AFTS and all related payment processing website [sic] are unavailable due to technical issues. We are working on restoring them as quickly as possible.”
“We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with,” said Steve Gordon, the director of the state’s DMV.