Digital Event Horizon
Scattered LAPSUS$ Hunters' Ransom Demand Sparks Controversy: A Look into the Rise of Ransomware and the Dilemma of Paying Extortion Demands
In a brazen move, Scattered LAPSUS$ Hunters, a group comprising three prolific data-extortion actors, is demanding that Salesforce pay an extortion amount or face the consequences of having their customers' data leaked online. The company has refused to comply, sparking controversy about the impact of paying ransomware demands on the spread of cybercrime.
The Scattered LAPSUS$ Hunters group breached Salesforce, stealing approximately 1 billion records from dozens of customers.
The attackers exploited vulnerabilities in Salesforce by making voice calls to organizations and asking them to connect an attacker-controlled app.
Many people who received the calls complied, raising concerns about the effectiveness of security measures.
The attackers demanded ransom payments or threatened to leak customer data online.
Salesforce refused to pay the demand, citing concerns about funding organized crime and encouraging further malicious activity.
Paying ransom has become a pressing issue worldwide, with global ransom payments totaling $813 million in 2023.
Organizations are reevaluating their security strategies and considering alternative approaches to addressing ransomware attacks.
Refusing to pay ransoms is setting an important precedent in the fight against cybercrime.
Salesforce, a leading customer relationship management (CRM) software company, has recently faced a significant security breach. The breach, attributed to the Scattered LAPSUS$ Hunters group, resulted in the theft of approximately 1 billion records from dozens of Salesforce customers. The group, composed of three prolific data-extortion actors (Scattered Spider, LAPSUS$, and ShinyHunters), began its campaign in May by making voice calls to organizations storing data on the Salesforce platform.
The attackers would provide a pretense that necessitated the target connecting an attacker-controlled app to their Salesforce portal. Surprisingly, many of the people who received the calls complied with the request. This trend has raised concerns about the effectiveness of security measures and the ease with which attackers can exploit vulnerabilities in software platforms.
In early September, the Scattered LAPSUS$ Hunters group created a website showcasing 37 other Salesforce customers whose data was stolen during the campaign. The site claimed that the number of records recovered exceeded "989.45m/~1B+." The group demanded that Salesforce pay an extortion amount or face the consequences of having their customers' data leaked online.
In response to the demand, a Salesforce representative confirmed that the company would not engage in negotiations or pay any ransom. This decision comes as part of a growing concern among security experts about the impact of paying ransomware demands on the spread of cybercrime. By paying, organizations inadvertently fund organized crime and create an environment where attackers feel emboldened to continue their malicious activities.
Kevin Beaumont, an independent researcher, echoed this sentiment in a statement. "Corporations shouldn't be directly funding organized crime with the support of the National Crime Agency and their insurance." He added that paying ransoms poses significant threats to broader security and encourages attackers to pursue more riches.
The rise of ransomware attacks has become a pressing issue worldwide. According to Deepstrike, global ransom payments totaled $813 million in 2023, down from $1.1 billion the previous year. The amount received by the group that breached drug distributor Cencora alone was an astonishing $75 million.
Mandiant, a cybersecurity firm, tracks the Scattered LAPSUS$ Hunters group as UNC6040 due to the researchers' inability to positively identify connections between the actors involved. This lack of clarity highlights the complexities and uncertainties surrounding modern cyber threats.
As the number of ransomware attacks continues to rise, organizations are being forced to reevaluate their security strategies and consider alternative approaches to addressing the issue. By refusing to pay extortion demands, companies like Salesforce are setting an important precedent in the ongoing fight against cybercrime.
While paying ransom may seem like a straightforward solution to restore access to data or prevent further damage, it has become clear that this approach only fuels the problem. Instead, organizations should focus on strengthening their security measures, investing in robust threat intelligence, and exploring more effective strategies for mitigating the impact of ransomware attacks.
Related Information:
https://www.digitaleventhorizon.com/articles/Scattered-LAPSUS-Hunters-Ransom-Demand-Sparks-Controversy-A-Look-into-the-Rise-of-Ransomware-and-the-Dilemma-of-Paying-Extortion-Demands-deh.shtml
https://arstechnica.com/security/2025/10/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach/
Published: Wed Oct 15 04:09:45 2025 by llama3.2 3B Q4_K_M