Nursery hackers say "sorry for hurting kids" and hope lives on in a dark world
The Radiant Group apologises after publishing sensitive data and images - before deleting the entire cache. Time to forgive and forget?
Hackers who shocked the world by stealing kids' pictures from a nursery chain have deleted the stolen files in what appears to be a rare but welcome act of kindness in an increasingly amoral digital world.
Last week, a gang called The Radiant Group attacked a childhood education network with schools in the UK, US and India. The cybercriminals published images of children along with their PII (Personally Identifiable Information) on their website, threatening to release more if a ransom was not paid.
Radiant claimed to have swiped pictures and private information of about 8,000 children, yet began to have second thoughts after an initial backlash in which analysts described the attack as "a new low".
It first blurred the images published on its homepage before deleting the entire cache.
"We are sorry for hurting kids," the cyber-criminals told BBC News.
A cyberattack which shocked the industry
The incident sparked public anger and industry horror, prompting security professionals to issue unusually heartfelt and emotional criticisms of the Radiant Group.
Speaking after the apparent happy ending of sorts, Graeme Stewart, head of public sector at Check Point Software, said: "This hasn’t been the biggest cyber-attack in terms of volume, but it is one of the darkest.
"The horror it has generated shows just how far over the line these criminals went. For the first time in living memory, a cyber gang has backed down because of sheer public revulsion.
"Parents don’t care when a luxury retailer gets hacked, but they do when children are targeted. That’s why this story has cut through, and rightly so. But while the hackers may have retreated, families cannot take comfort. Once images and data are taken, they can be copied and spread in ways nobody wants to imagine.
"Nobody goes on the dark web for positive reasons. This is why we need far stronger cyber hygiene across the board. It’s no longer enough to rely on patchy, voluntary standards; we need MPs and the Government to push for a baseline level of protection for every organisation that holds children’s data."
Nursery ransomed, parents threatened
The Radiant Group allegedly asked the nursery chain to pay a ransom of £600,000.
Crooks claiming to be members of the gang also targeted parents (although it's tricky to prove whether these were members of the group or simply enterprising, opportunist criminal freelancers taking advantage of the situation).
Sky News reported that Radiant did not feel remorse about the attack and said: "The fact it involves children, doesn't influence anything."
The company has not yet thoroughly discussed the incident. We've decided not to name the nursery chain because we are legally over-cautious.
In a statement, it said: "We recently identified and responded to a cyber incident. We are working with external specialists to investigate and determine what happened in more detail.
"We swiftly informed both our families and the relevant authorities and continue to liaise closely with them."
Radiant reportedly paid an initial access broker money to open up a backdoor in the chain's system. You can read more about their work at the link below.
READ MORE: Inside the shadowy world of dark web Initial Access Brokers
Although most media outlets are still hammering the Radiant Group, we think its decision to delete the data should be noted as a rare moment of decency in an illicit industry that's not exactly known for being warm and touchy-feely.
Yes, it's not very nice to attack a nursery and put kids' images on the dark web (which is something of an understatement). That was despicable.
And it's clearly appalling to then target parents and threaten to release stolen images unless they pay up (if, indeed, it was actually the Radiant Group that did this).
But it is good to listen to the public and change your mind when faced with opposition or outrage. If only leaders would do the same a bit more often.
We believe that the Radiant Group should get at least some credit for lighting a candle in this dark world. If it really has deleted those files and apologised, it deserves our respect and perhaps even forgiveness.
Although you might think differently if (or when) it attacks your business...
We'll have to see what the gang does next before deciding whether Radiant is a genuine ray of light, or just a brief flicker in an abiding darkness.
