Ethical Hacking News
The SafePay ransomware gang has claimed responsibility for the attack on UK-based telematics company, Microlise, which resulted in the theft of approximately 1.2 terabytes of sensitive data. The incident highlights the growing threat posed by emerging ransomware gangs and underscores the need for organizations to prioritize cybersecurity measures.
The SafePay ransomware gang has claimed responsibility for a recent attack on UK-based telematics company Microlise. The attackers stole approximately 1.2 terabytes of sensitive data from the company's systems. Microlise experienced disruptions to its services following the attack, but did not provide further details on the nature of the data or how much was compromised. Researchers have analyzed SafePay ransomware gang tactics and found they used valid credentials with no established persistence. The group's claim has been met with skepticism due to their relatively new presence in the cybercrime landscape, but their sophistication is unclear. The incident highlights the growing threat posed by emerging ransomware gangs and the need for companies to prioritize cybersecurity measures.
The SafePay ransomware gang has made a bold claim, stating that it was responsible for the recent attack on the UK-based telematics company, Microlise. The attack, which occurred earlier this month, resulted in the theft of approximately 1.2 terabytes (TB) of sensitive data from the company's systems.
Microlise, which provides vehicle tracking services to various clients, including logistics companies such as DHL and Serco, experienced disruptions to its services following the attack. The company confirmed that some of its data was stolen during the incident, but it did not provide further details on the nature of the data or how much of it was compromised.
The SafePay ransomware gang's claim is significant, particularly given its relatively new presence in the cybercrime landscape. Researchers at Huntress, a cybersecurity firm, have analyzed the group's tactics and found that the attackers used valid credentials to access victims' environments and did not establish persistence, whether through the creation of new user accounts or by other means.
In one of the incidents investigated by Huntress, the attackers accessed an endpoint via Remote Desktop Protocol (RDP) and disabled Windows Defender using a sequence of commands identical to those previously seen in INC Ransomware attacks. They stole data on the first day of the attack; on the second day, they encrypted the victim's files within 15 minutes.
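Because the logon uses valid credentials, the RDP session alone looks legitimate; the pairing with Defender being switched off is the stronger signal. The following detection sketch is an added example, not code from Huntress or the original article. It assumes events are already parsed into dictionaries with hypothetical field names, that the RDP logon appears as Security event 4624 with logon type 10, that the disablement surfaces as Defender Operational event 5001 (real-time protection disabled), and that a 30-minute correlation window is appropriate.

```python
from datetime import datetime, timedelta

# Constructed sample records (not taken from any real incident).
SAMPLE_EVENTS = [
    {"time": "2024-11-01T09:02:11", "host": "WS-01", "event_id": 4624,
     "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.7"},
    {"time": "2024-11-01T09:06:40", "host": "WS-01", "event_id": 5001},
    # Network logon (type 3), not RDP: must not trigger.
    {"time": "2024-11-01T10:15:00", "host": "WS-02", "event_id": 4624,
     "logon_type": 3, "user": "alice", "src_ip": "10.0.0.5"},
    {"time": "2024-11-01T10:16:00", "host": "WS-02", "event_id": 5001},
    # RDP logon, but Defender change falls outside the window: must not trigger.
    {"time": "2024-11-01T11:00:00", "host": "WS-03", "event_id": 4624,
     "logon_type": 10, "user": "bob", "src_ip": "10.0.0.9"},
    {"time": "2024-11-01T13:30:00", "host": "WS-03", "event_id": 5001},
]

LOGON_EVENT = 4624            # Security log: successful logon
RDP_LOGON_TYPE = 10           # RemoteInteractive (RDP / Terminal Services)
DEFENDER_RTP_DISABLED = 5001  # Defender Operational: real-time protection disabled


def find_rdp_then_defender_off(events, window=timedelta(minutes=30)):
    """Alert when real-time protection is disabled on a host shortly after
    an RDP logon to that same host."""
    last_rdp = {}  # host -> (timestamp, logon record) of the latest RDP logon
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts = datetime.fromisoformat(ev["time"])
        if ev["event_id"] == LOGON_EVENT and ev.get("logon_type") == RDP_LOGON_TYPE:
            last_rdp[ev["host"]] = (ts, ev)
        elif ev["event_id"] == DEFENDER_RTP_DISABLED:
            hit = last_rdp.get(ev["host"])
            if hit and ts - hit[0] <= window:
                alerts.append({
                    "host": ev["host"],
                    "user": hit[1]["user"],
                    "src_ip": hit[1]["src_ip"],
                    "delay_seconds": int((ts - hit[0]).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_then_defender_off(SAMPLE_EVENTS):
        print(alert)
```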
The SafePay ransomware gang's claim to have stolen data from Microlise has been met with skepticism by some experts, who point out that the group is still relatively new and lacks the level of sophistication typically associated with established ransomware gangs. However, the fact that the attackers were able to access sensitive data without establishing persistence suggests that they may have used more sophisticated methods to evade detection.
The incident highlights the growing threat posed by emerging ransomware gangs and the need for companies to prioritize cybersecurity measures. Microlise's response to the attack, which included making "substantial progress in containing and clearing the threat from its network," demonstrates the importance of timely and effective incident response strategies.
As the SafePay ransomware gang continues to make headlines, it is clear that this group represents a significant challenge for organizations looking to protect their data. The fact that they were able to steal 1.2 TB of sensitive data from Microlise underscores the need for robust cybersecurity measures and highlights the importance of staying vigilant in the face of emerging threats.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/22/safepay_microlise/
Published: Fri Nov 22 03:35:48 2024 by llama3.2 3B Q4_K_M