The Underground ransomware gang has claimed responsibility for an October 5 attack on Japanese tech giant Casio, which caused system disruptions and impacted some of the firm's services.
Earlier this week, Casio disclosed the attack on its website but withheld details about the incident, saying it had engaged external IT specialists to investigate whether personal data or other confidential information was stolen in the attack.
Today, the Underground ransomware group added Casio to its dark web extortion portal, leaking troves of data allegedly stolen from the Japanese firm.
The leaked data includes:
- Confidential documents (社外秘)
- Legal documents
- Personal data of employees
- Confidential NDAs
- Employee payroll information
- Patent information
- Company financial documents
- Project information
- Incident reports
If the above is true, the attack has compromised Casio's workforce and intellectual property, which could negatively impact its business.
BleepingComputer has contacted Casio again requesting a comment on the threat actor's claims and data leak, but we have not received a response by publication. Therefore, the threat actor's claims remain unverified.
Underground ransomware overview
According to a Fortinet report from late August 2024, Underground is a relatively small-scale ransomware operation that has been targeting Windows systems since July 2023.
The strain has been associated with the Russian cybercrime group 'RomCom' (Storm-0978), which previously delivered Cuba ransomware on breached systems.
Fortinet reports that during the summer, Underground ransomware operators exploited CVE-2023-36884, a remote code execution flaw in Microsoft Office, likely used as an infection vector.
Once a system is breached, the attackers modify the registry to keep Remote Desktop sessions alive for 14 days after user disconnection, giving them a comfortable window in which to maintain access to the system.
Underground does not append any file extension to encrypted files, and it is configured to skip file types critical for Windows operation so that the system is not rendered unusable.
Moreover, it stops the MS SQL Server service to free up database files for theft and encryption, maximizing the attack's impact.
As is the case with most Windows ransomware, Underground deletes shadow copies to make easy data recovery impossible.
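The three post-breach behaviours above (registry change to keep disconnected RDP sessions alive, stopping MS SQL Server, deleting shadow copies) are all visible in process-creation telemetry, which is where a defender would catch them before encryption finishes. The following is an added example written for this page, not code from the article or from Fortinet's report: a small Python detector that runs over constructed process-creation events (Sysmon EventID 1 style, reduced to "image|command line") and flags each behaviour. The registry value it looks for, MaxDisconnectionTime under the Terminal Services policy key, is a real Group Policy setting for disconnected-session time limits, but the article does not name which value Underground edits, so mapping it to the 14-day window is an assumption; the vssadmin/wmic and net/sc command shapes are the common forms of shadow-copy deletion and service stops, not commands quoted from the page.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample events (not from the page): "image|command line".
# The first and last lines are benign noise; the middle three mirror the
# behaviours described in the article.
SAMPLE_EVENTS = [
    "C:\\Windows\\System32\\svchost.exe|svchost.exe -k netsvcs",
    "C:\\Windows\\System32\\vssadmin.exe|vssadmin delete shadows /all /quiet",
    "C:\\Windows\\System32\\net.exe|net stop MSSQLSERVER",
    "C:\\Windows\\System32\\reg.exe|reg add \"HKLM\\SOFTWARE\\Policies\\Microsoft\\"
    "Windows NT\\Terminal Services\" /v MaxDisconnectionTime /t REG_DWORD /d 1209600000 /f",
    "C:\\Program Files\\Backup\\agent.exe|agent.exe --snapshot",
]


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: "re.Pattern[str]"
    why: str


RULES: List[Rule] = [
    Rule(
        "shadow_copy_deletion",
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b"
                   r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
        "Volume shadow copies removed; defeats easy file recovery",
    ),
    Rule(
        "sql_service_stop",
        re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\s+\"?MSSQL", re.I),
        "MS SQL Server stopped so database files can be read and encrypted",
    ),
    Rule(
        "rdp_disconnect_timeout_change",
        # Assumption: the 14-day RDP window is set via MaxDisconnectionTime.
        re.compile(r"Terminal Services.*\bMaxDisconnectionTime\b", re.I),
        "Disconnected RDP sessions kept alive; persistence without re-auth",
    ),
]

MS_PER_DAY = 24 * 60 * 60 * 1000


def rdp_timeout_days(cmdline: str) -> Optional[float]:
    """Return the MaxDisconnectionTime being written, in days, or None.

    reg.exe takes the DWORD in milliseconds after /d; 1209600000 ms is 14 days.
    """
    m = re.search(r"/d\s+(\d+)", cmdline)
    if not m:
        return None
    return int(m.group(1)) / MS_PER_DAY


def match_event(event: str) -> List[str]:
    """Names of every rule whose pattern matches the event's command line."""
    _image, _, cmdline = event.partition("|")
    return [rule.name for rule in RULES if rule.pattern.search(cmdline)]


def detect(events: Iterable[str]) -> List[Tuple[str, str]]:
    """(rule name, event) pairs for every hit, in event order."""
    findings = []
    for event in events:
        for name in match_event(event):
            findings.append((name, event))
    return findings


def precursor_score(events: Iterable[str]) -> int:
    """Number of distinct behaviours seen on one host.

    Any one of these can be legitimate admin work; two or more in the same
    session is the pattern worth paging on, because the sequence
    (persistence, unlock data, kill recovery) precedes encryption.
    """
    return len({name for name, _ in detect(events)})


if __name__ == "__main__":
    for name, event in detect(SAMPLE_EVENTS):
        print(f"[{name}] {event.split('|', 1)[1]}")
        if name == "rdp_disconnect_timeout_change":
            print(f"    disconnected-session timeout set to {rdp_timeout_days(event)} days")
    print("distinct precursor behaviours:", precursor_score(SAMPLE_EVENTS))
```

The rules deliberately match on command-line shape rather than on a file extension or a hash, since Underground writes no extension and a hash would change per build; the score function is where an analyst would tune the threshold against their own environment's backup and DBA activity.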
An unusual trait in Underground's extortion tactics is that it also leaks the stolen data on Mega, promoting links to the archives hosted there via its Telegram channel, maximizing the exposure and availability of the data.
Underground ransomware's extortion portal currently lists 17 victims, most of whom are based in the USA.
Whether or not the Casio attack will be the threat group's breakthrough into the mainstream, followed by a higher attack volume and pace, remains to be seen.