Cyber security news for all

More

    Brazilian Hacker Faces U.S. Charges for Demanding $3.2 Million in Bitcoin Following Massive Data Breach

    A Brazilian national has been indicted in the United States for allegedly orchestrating an extortion scheme that involved pilfering sensitive data and demanding a multi-million-dollar Bitcoin ransom.

    Junior Barros De Oliveira, 29, hailing from Curitiba, Brazil, faces charges for his role in a cyberattack on a Brazilian subsidiary of a New Jersey-based company in March 2020. According to the U.S. Department of Justice (DoJ), the unsealed indictment accuses De Oliveira of four counts of extortionate threats related to protected computer data and four counts of issuing threatening communications.

    The defendant allegedly infiltrated the company’s systems multiple times, extracting confidential customer information tied to approximately 300,000 individuals. Leveraging the stolen data, he reportedly initiated a series of ransom demands.

    In September 2020, De Oliveira, under an alias, contacted the company’s CEO, requesting 300 bitcoin (equivalent to $3.2 million at the time) in exchange for refraining from selling the stolen information. The following month, he escalated his threats by sending similar messages to the CEO and a high-ranking executive within the Brazilian subsidiary.

    In a subsequent email to a company representative, De Oliveira portrayed himself as a potential collaborator, claiming he could help address the security breach. However, he stipulated a hefty “consulting fee” of 75 bitcoin (around $800,000 at the time) and included detailed instructions for transferring the payment to a Bitcoin wallet.

    The potential penalties for the charges are severe:

    • Each of the four extortionate threats counts carries a maximum sentence of 5 years in prison and a fine of $250,000 or twice the financial impact of the crime, whichever is greater.
    • Each of the four counts of threatening communications could result in a maximum sentence of 2 years in prison and the same financial penalties.

    The indictment highlights the risks businesses face from sophisticated cybercriminals and underscores the significant legal consequences awaiting those who attempt to exploit security vulnerabilities for financial gain.

    Recent Articles

    Related Stories