Well-Known Ransomware Gang Strikes Three Companies in the US and Canada

Published at: June 17, 2020

Ransomware group REvil has launched another series of attacks targeting three companies in the U.S. and Canada. As of press time, they have leaked data from two of the companies, and threatened to disclose sensitive data from the third.

The companies are the well-known Canadian accounting firm Goodman Mintz LLP, the licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store.

First target of the week: an accounting company

The gang kicked off the week by leaking sensitive data from the Canada-based accounting company Goodman Mintz LLP. The leak included company files, accounting and working documents of clients, databases, data for logging into client banks, and audit results of companies.

Some usernames and passwords belonging to clients are available on REvil’s blog, together with security questions from the leaked login information.

Although there is no official confirmation from the company, it would appear that they have not paid the requested ransom. The group often asks for Monero (XMR) or Bitcoin (BTC) as payment for their ransoms.

Documents belonging to the duty-free store, ZEGG, were also reportedly leaked, according to a message addressed to Oliver Zegg, one of the store’s owners.

U.S.-based real estate broker threatened

REvil threatened to leak data from the third company, Strategic Sites LLC, if it fails to reach an agreement with the gang.

Speaking with Cointelegraph about the attack on Goodman Mintz LLP, Brett Callow, threat analyst and ransomware expert at malware lab Emsisoft, warned that at this point, REvil is attempting to extort money from the firm. He says that the data may be auctioned if the firm does not pay.

Callow added:

“Ransomware incidents have morphed into data breaches that represent a risk not only to the target company, but also to its clients and business partners. The data that is stolen in these attacks may be sold or traded with other criminal enterprises and used for spear phishing, identity theft and various other forms of fraud. In other words, one crime can result in many.”

Recently, Cointelegraph reported on a US-based independent advisory firm specializing in the consumer and retail sectors that was attacked by the ransomware gang Maze.
