Brian Jackson - Fotolia

Hacker tries to hold Plex video streaming service to ransom

A hacker has accessed Plex forum servers and threatened to publish personal data if a ransom is not paid

Holding data for ransom payable in bitcoin is a growing trend, according to security researchers, and video streaming service Plex is the latest target, prompting a password reset.

The most common attacks use ransomware such as CryptoWall that encrypts company data and demands payment for the decryption key or demands payment to hold off business-crippling distributed denial-of-service (DDoS) attacks, a tactic used by a gang known as DD4BC.

In the Plex case, the attacker gained access to the server hosting its forums and blog, and threatened to publish IP addresses, forum private messages and email addresses if a ransom was not paid.

The hacker demanded payment of 9.5 bitcoin (£1,500) by 3 July 2015, saying the ransom would thereafter go up to 14.5 bitcoin (£2,500).

Plex has refused to pay the ransom and alerted its users to the breach. The firm is also requiring affected users to reset their passwords as a precaution.

According to Plex, the passwords were encrypted using salting and hashing. This means some random nonsense was added to the password text (salting) and the salted password was scrambled cryptographically and stored in a one-way scramble version only (hashing).

However, there is always a risk that given time the hacker could reverse engineer the passwords, which is why Plex has opted to reset affected passwords.

Plex said that its forums will remain offline until the investigation into the intrusion is completed, but that all other systems are operational. The firm said no payment information is stored on its servers.

Plex advised users to ensure that they were not using the same password elsewhere and to use a password manager.

Independent security advisor Graham Cluley said this is good advice. “If you re-use passwords it only takes one website to be hacked for you to suffer a world of pain,” he wrote in a blog post.

Password managers, he said, enable users to store their passwords securely and generate unique, complex, hard-to-crack passwords.

However, Cluley was critical of Plex’s decision to embed a clickable link to reset passwords in their email advisory to users. “That's precisely the kind of trick used in phishing attacks,” he wrote.

Cluley said giving in to blackmail is never a good idea because there is no guarantee that the extortionist will not ask for more money.

“Instead, invest the money in better security – and perhaps either patching your software, or getting a solution which is more capable of defending itself against future attacks,” he wrote.

Read more about ransomware

Read more on Hackers and cybercrime prevention