You are on page 1of 6

"thedarkoverlord" Targets the Financial Industry in Next Wave of

Extortion Attacks
Cybersecurity Intelligence Subscription Program
September 27, 2016
Email:

info@flashpoint-intel.com

“thedarkoverlord” Targets the Financial Industry
September 27, 2016
"

"thedarkoverlord" Targets the Financial Industry in Next Wave of
Extortion Attacks
September 27, 2016

Key Takeaways
• On September 25, 2016, “thedarkoverlord,” a notorious threat actor behind the recent extortion
attempts of several healthcare organizations, gained access to highly-sensitive information from
WestPark Capital investment firm.
• Richard Rappaport, the CEO of WestPark Capital, refused the actor’s blackmail demands, and as a
result, partial information was released to the public by thedarkoverlord.
• Flashpoint identified thirteen currently affected organizations across multiple industries.
• Based on publicly available information, at least thirty-five organizations could be affected by the
breach.

Background
Based on a statement released by actor “thedarkoverlord” (also known as “TheDarkOverlord”) via the actor’s
Pastebin site, Richard Rappaport, CEO of Los Angeles-based WestPark Capital, a full-service investment
firm, became the thedarkoverlord’s most recent extortion victim and is refusing to pay off the criminal.
In an attempt to "persuade" the non-complying CEO to pay an undisclosed ransom payment,
thedarkoverlord released a small batch of files pertaining to a variety of the firm’s current and previous
business partners. thedarkoverlord’s statement includes the following explanation:
we are releasing a select few documents belonging to WestPark Capital located in the Los Angeles,
California, United States area. WestPark Capital is a "full service investment banking and securities
brokerage firm" whose CEO, Richard Rappaport, spat in our face after making our signature and quite
frankly, handsome, business proposal and so our hand has been forced.

" of 5
1
"

flashpoint-intel.com | 888.468.3598

“thedarkoverlord” Targets the Financial Industry
September 27, 2016
"

Image 1: The sample of compromised information (transaction amounts redacted).
Analysis of the leaked files has identified highly sensitive information pertinent to the following organizations:
• WestPark Capital – Business Development meeting agenda
• SC FB HOLDINGS, LLC – Private offerings of Facebook Securities
• Calidant Capital,LLC – Non-disclosure/Non-circumvention agreement
• Houston American Energy Corporation – Share Buyback Agreement (agent)
• AgION, LLC – Background and reputation investigation of the company's directors
• DivorceForce LLC – Securities Sale Escrow Agreement
• Intra-Asia Entertainment Corporation – Background and reputation investigation of the company's
directors
• JV Holdings, LLC – Recommendation letter from J.P. Morgan Private Bank
• Pivot Pharmaceuticals, Inc. – Non-disclosure/Non-circumvention agreement
• Roth Capital Partners – Underwriter Invitation Wire
• TroyGould Attorneys – Legal paperwork
• Corporate Stock Transfer Rights Agent to Tandon Digital, Inc. – Bank Statement
• WindStream Technologies, Inc. – Executive Investment Summary
• Zyppah, Inc. – Private Placement Memorandum

" of 5
2
"

flashpoint-intel.com | 888.468.3598

“thedarkoverlord” Targets the Financial Industry
September 27, 2016
"

Further analysis of publicly available information determined at least thirty-five organizations that may have
been exposed by the breach.

Image 2: The list of organizations across industries potentially exposed by the breach.

Assessment
At the time of this writing, it is unclear if WestPark Capital has complied with criminal demands to protect the
remaining clients; however, Flashpoint will continue to closely monitor the situation and will promptly issue
updates regarding any new developments.

Sources
• hxxp://www[.]wpcapital[.]com/

" of 5
3
"

flashpoint-intel.com | 888.468.3598

“thedarkoverlord” Targets the Financial Industry
September 27, 2016
"

• Pastebin[.]com
• hxxps://fpcyber[.]com/reports/flash-thedarkoverlord-leaks-seventeen-documents-belonging-towestpark-capital
• Paste Site Collection
• hxxps://fpcyber[.]com/reports/flash-thedarkoverlord-returns-extorts-hospital-network-in-oklahoma


" of 5
4
"

flashpoint-intel.com | 888.468.3598

“thedarkoverlord” Targets the Financial Industry
September 27, 2016
"

"

" of 5
5
"

flashpoint-intel.com | 888.468.3598