A group of hackers who call themselves the “Tsar Team” broke into the servers of a Lithuanian cosmetic surgery clinic and leaked to the public more than 25,000 private photos, along with clients’ personal information, according to the police.
The group targeted the Grozio Chirurgija clinic in Kaunsas, whose client record comprises both celebrities and ordinary folks from more than 60 countries around the world, including Germany, Denmark, Norway and the UK.
Some of the leaked photos began circulating online as early as March, but most of the database — consisting of photos before and after plastic surgery, including nude pictures, and personal data such as passport copies and social security numbers — was made public on May 30.
‘Tsar Team’ Demands Bitcoin Ransom
The hacking group has contacted some of the victims to ask for money lest their nude photos and private information be made public.
In exchange for the stolen data, the hackers demand ransom payments of up to €2,000 (or about $2,247), paid in Bitcoin — the price depending on the sensitivity of the ransomed information.
The Lithuanian police states more than a dozen victims have reported receiving blackmail threats.
“It’s extortion. We’re talking about a serious crime,” said Andzejus Raginskis, deputy chief of Lithuania’s Criminal Police Bureau.
Before reaching out to the clinic clients, the Tsar Team first approached Grozio Chirurgija and offered to sell the entire database to the facility for 300 bitcoin, but the clinic refused to comply.
After the failed attempt to sell the data in bulk, the hacking group reduced the price of the entire database to 50 bitcoin.
“Clients, of course, are in shock,” said Jonas Staikunas, director of Grozio Chirurgija.
“Once again, I would like to apologize. Cybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages,” added Staikunas.
Who Are The Tsar Team?
Tsar Team is reportedly another name for the group known as APT28 or “Fancy Bear.”
Last year, the APT28 group gained their share of notoriety when Microsoft revealed they were exploiting a flaw in Windows software to breach computer networks.
However, the investigators haven’t yet established whether the hackers that attacked Grozio Chirurgija are linked to APT28, or if they’re an unrelated group that adopted the same name for disinformation purposes.