WASHINGTON — The FBI appears to have made headway in cracking a cybercrime extortion group that has plagued health clinics, schools, law firms and even Hollywood production companies since 2016.
Serbian authorities, saying they were working with the FBI, arrested a 38-year-old man, believed to be a member of The Dark Overlord, the nation’s Interior Ministry said in a statement Wednesday.
“The aim of the campaign was to uncover a large number of people who, using the name ‘The Dark Overlord’ on the Internet, have (gained) unauthorized access to computer networks and data of at least 50 victims since June 2016,” the statement said.
The FBI declined comment.
Hackers from The Dark Overlord have breached scores of U.S. institutions and clinics, freezing hard drives and demanding payment in bitcoin as ransom to decrypt files, including medical records. They’ve mocked and threatened victims, and have released private medical records and Social Security numbers on the internet to pressure for payment.
The group targeted the Columbia Falls School District last year with extortion threats and eventually shut down all the schools in Flathead County for three days.
In one case last October, the group issued threats to individual parents and students at Johnston Community School District in suburban Des Moines, Iowa, that forced schools to shut for a day.
“Our local police and the FBI were involved because we were like the third school district hit,” said Laura Sprague, director of communications for the school district.
Following the closure of schools on Oct. 3, a tweet from an account used by The Dark Overlord (@tdo_hackers) warned that the group had released a school directory and that “Any child predator can now easily acquire new targets and even plan based on grade level.”
That same Twitter account minimized the arrest in Serbia of a man identified by authorities only as “S.S.,” saying in a tweet late Wednesday: “Law enforcement has proven to be most incompetent.”
Other school districts in Tennessee and Texas were also subject to ransom demands from The Dark Overlord, and dental and health clinics in Florida, New York, California, Missouri and Oklahoma reported breaches linked to the group, followed by ransom demands.
The Serbian statement, translated using Google, said the cybercrime group had hit some 50 victims and “the victims paid a total of more than $275,000.”
A look at the Twitter accounts used by the group, though, would indicate the list of victims may be much longer.
The group gained some notoriety in April 2017 when it released 10 unaired episodes of the fifth season of the Netflix hit show “Orange is the New Black,” declaring that the Los Gatos, Calif., streaming media company had declined to pay a ransom.
Two months later, the group released eight unaired episodes of ABC’s “Steve Harvey’s FUNDERDOME” show.
In an encrypted chat with a McClatchy reporter last year, a member of the group displayed the swagger and vulgarity that also marks the group’s Twitter feed. The person suggested that the group did its victims, or “clients,” a favor by pointing out security flaws in their computer networks.
“It’s easier to sign on as a client and pay up than it is to fight us. You will lose and fall with a great thud,” the person told McClatchy at the time.
The group has suggested on Twitter that some victims minimize the damage that they have suffered.
On April 2, the group tweeted, “It’s true we breached the Waverly Police Department,” referring to a small community in Virginia southeast of Richmond. “However, we stole far more than they admitted, and we’re going to prove them wrong.”