Donut Leaks Ransomware Targets Agilitas IT Solutions Limited

The Donut Leaks ransomware has attacked Agilitas IT Solutions Limited. Agilitas IT Solutions Limited is a UK-based company specializing in IT channel services and support solutions. They serve technology resellers, managed service providers, and other IT service companies. Agilitas IT Solutions offers services such as IT inventory management, hardware maintenance, spare parts logistics, and technical support. They work closely with IT resellers and service providers to enhance their operational efficiency and customer satisfaction. The company plays a vital role in the IT supply chain, ensuring that necessary hardware components and replacement parts are readily available to support their partners in delivering top-notch services to their clients.

Details of the Attack

Donut Leaks posted Agilitas IT Solutions Limited to its data leak site on September 14th but provided no further details. Researchers first identified the Donut Leaks extortion group when an employee of one of the victims revealed that the corporate network had been breached by threat actors seeking to steal data. After successfully pilfering the data, the threat actors proceeded to email the victims' business partners and employees with URLs to their Tor extortion sites.

The Nature of Donut Leaks' Operations

These Tor sites consist of two components: a shaming blog and a data storage site. Visitors to these sites can freely browse and download all the stolen and leaked data. The stolen data storage server operates using the File Browser application, enabling visitors to navigate through the stolen data categorized by victim. It remains unclear whether the threat actors deploy ransomware during their network breaches or if they solely operate as a data extortion group. However, Sheppard Robson, a victim, did disclose that their recent attack involved ransomware. Researchers also believe that Donut Leaks could be an offshoot of the Ragnar Locker and Hive ransomware gangs.