ALPHV attacks Wenn Townsend

Incident Date:

May 26, 2023

World map

Overview

Title

ALPHV attacks Wenn Townsend

Victim

Wenn Townsend

Attacker

Alphv

Location

Oxford, United Kingdom

Oxfordshire, United Kingdom

First Reported

May 26, 2023

Wenn Townsend Hit by Ransomware Attack

Wenn Townsend, an English accounting firm, has been hit with a ransomware attack. BlackCat ransomware group has claimed responsibility for the incident, posting Wenn Townsend to its dark web blog page on May 26. The ransomware gang has reportedly downloaded 250GB of data from company file servers, including:

  • Internal company data such as employee's personal data, CV’s, DL’s, ID’s, SSN’s,
  • Financial reports,
  • Insurance data,
  • Credit card information, and
  • Loan data.

But Wenn Townsend has not confirmed the attack, and it is as yet unclear how much money BlackCat is demanding for the safe return of data.

About Wenn Townsend

Wenn Townsend is an accounting firm based in Oxford, England. It was founded in 1876 and was a founding member of the Institute of Chartered Accountants in England and Wales. It offers strategic partnership and advice, accounts, audits and compliance services, and day-to-day support for businesses.

BlackCat Ransomware Group

BlackCat, also known as ALPHV, is a ransomware operation that first surfaced in November 2021. It is a possible rebrand of the DarkSide ransomware gang, which was responsible for the infamous Colonial Pipeline incident in 2021. BlackCat is somewhat of a pioneer in ransomware circles, hosting their data leak site on the public internet rather than the dark web.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.