Hackers Abandon Nursery Data Extortion Attempt Following Public Outcry
LONDON – A hacking group has deleted data stolen from U.K. nursery Kido following a significant public backlash and the company’s refusal to pay a ransom. The group, known as Radiant, initially demanded payment after gaining access to sensitive facts, including photographs of children. Though, they have now reportedly removed the data and appear to have lost money in the process.
This incident highlights a growing, if unusual, trend of cybercriminals backtracking on attacks, especially when facing negative publicity or when their targets refuse to negotiate. Previous instances include the Dopplepaymer ransomware gang providing a decryption key to a German hospital in 2020 after the attack contributed to a patient’s death, and both the Conti and Darkside groups offering free decryption tools or charitable donations following attacks on healthcare organizations.
Kido identified and responded to a cyber incident recently, and is working with external specialists to investigate the breach.Radiant claims to have purchased access to Kido’s systems through an “initial access broker” who had already compromised a kido staff computer. This access was then used to infiltrate Kido’s systems and steal data, a significant portion of which was taken from the nursery’s account with early years education platform Famly.
Famly has disputed Kido’s suggestion that the breach originated with their platform, stating that their security and infrastructure remain uncompromised. Kido has informed families and relevant authorities and continues to liaise with them, but did not respond to a request for comment regarding the specifics of how the data was stolen.
Radiant confirmed they paid the initial access broker for access to Kido’s system,and with Kido refusing to pay a ransom,the hackers ultimately abandoned their extortion attempt,resulting in a financial loss.
