A significant breach involving Snowflake, a cloud-based data management firm, has led to a threat actor named Sp1d3r demanding a ransom for personal data belonging to millions of U.S. students. After originally setting the ransom at $2 million in bitcoin, the attacker has surprisingly reduced the amount to $150,000, payable in U.S. dollars, according to a report by HackManac.
The initial threat targeted LASchools/Edgenuity, demanding payment within seven days to prevent the release of sensitive student information, ranging from personal and medical details to academic performance and parental login credentials. However, the threat actor later revised the ransom note, notably lowering the demand and changing the targeted entity from LASchools to LAUSD.net.
Edgenuity has categorically denied any compromise of its data, as confirmed by both LAUSD and Snowflake, adding to the confusion surrounding the breach’s specifics. Bloomberg has also reported that ransoms ranging from $300,000 to $5 million have been demanded from various companies relying on Snowflake’s infrastructure, including prominent names like Ticketmaster, Advance Auto Parts, and Santander.
Intriguingly, Google’s Mandiant security unit has attributed the breach to a hacking group known as UNC5537 and is investigating potential links with another group, Scattered Spider. This follows the recent arrest by Spanish police of the alleged leader of Scattered Spider, a 22-year-old British national accused of accumulating about 391 bitcoins through cybercrimes.
Further complicating the scenario, Ticketmaster’s data breach was reportedly executed by a different group, ShinyHunters, known for a previous cyber attack on India’s crypto exchange BuyUCoin.
Amidst these developments, the legitimacy of Sp1d3r as a threat actor is under scrutiny, with some security experts questioning the authenticity of the actor’s profile and its possible association with Scattered Spider.
The Snowflake data breach presents a tangled web of demands, denials, and attributions, reflecting the complex nature of cybersecurity threats and the challenges in accurately tracing and addressing such incidents. As the situation evolves, the security community remains vigilant, piecing together the puzzle of this multifaceted cyber threat.