At the end of April 2020, Save.TV and the UseNeXT service were temporarily offline. The reason: service provider Omniga, who manages both platforms, had been the victim of a hack.
Omniga Refused To Pay
Omniga now admitted that the company network was infected with ransomware as a result of this incident. The hacker group in charge tried to blackmail the company with copied data. Because of refusing to pay, some data ended up online in the course of the extortion. According to the results of a forensic analysis, there was probably no data from customers.
After the incident, the websites of both services are now online again.The available functions are at least still limited Save.TV. Potential users are advised to change passwords and to check their bank accounts for unusual activities.
The Ransomware Gang Apparently Tried To Blackmail Omniga Twice
They not only demanded a ransom for decrypting the files, but also threatened to publish the data that had been tapped if they were not paid. The strategy of double extortion has almost become the norm.
The fact that the hackers began to gradually publish the copied files is not only proven by the screenshots from a forum. A spokeswoman for Omniga also confirmed on request that data was copied and at least a subset was published. Referring to the report resulting from this analysis, she said that it can be assumed that the data types affected by the hack are limited to emails, contract documents and documents in administrative directories of Omniga. According to the current state of knowledge, no sensitive customer data had been stolen, neither from the customer specific directories nor from the technologies used by the individual shops.