Bennett Currie Hit by RansomHub Ransomware Stealing 375GB Data

Incident Date: September 4, 2024

Overview

Victim: Bennett Currie

Attacker: RansomHub

Location: Palmerston North, New Zealand

First Reported: September 4, 2024

RansomHub Ransomware Attack on Bennett Currie

Bennett Currie, a prominent chartered accounting firm based in Palmerston North, New Zealand, has fallen victim to a ransomware attack orchestrated by the RansomHub group. Established in 1996, Bennett Currie specializes in providing a comprehensive range of financial services, including accounting, taxation, business advisory, and software support, particularly with Xero, an online accounting platform.

Company Profile

Bennett Currie is one of the largest accounting firms in the Manawatu region, known for its personalized service and timely advice tailored to a diverse clientele. The firm employs a knowledgeable team of accountants and business advisors, which contributes to its ability to handle a wide range of financial challenges for its clients. Their commitment to integrating technology in accounting practices, especially through their partnership with Xero, positions them as leaders in the region.

Attack Overview

On September 4, 2024, RansomHub listed Bennett Currie on its dark web leak site, claiming to have stolen 375 gigabytes of data. The stolen data includes nearly 1,000 customer records, with files dating back to 2008 and as recent as 2024. The compromised information contains personal details such as IRD numbers, scanned ID documents, financial reports, tax records, and correspondence. Business customer files include financial statements, invoices, loan agreements, and property contracts.

RansomHub: A Formidable Threat

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly gained notoriety for its aggressive affiliate model and double extortion tactics, which combine encryption with advanced data exfiltration techniques. The group has a reputation for being ruthless and efficient: it encrypts large datasets quickly and targets cross-platform systems. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access.

Penetration and Vulnerabilities

RansomHub likely penetrated Bennett Currie's systems through a combination of phishing campaigns and exploiting unpatched vulnerabilities. The firm's reliance on technology and handling of sensitive financial data made it an attractive target for the ransomware group. The attack underscores the importance of stringent cybersecurity measures, especially for firms dealing with critical financial information.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most financially and informationally impactful.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.