Ransomware Attack on Instadriver by Kill Security

Instadriver, a Kenyan startup operating as a driver-employer marketplace, has recently been targeted by the ransomware group Kill Security. The attack has resulted in the compromise of sensitive data, including drivers' IDs, passport scans, and other private information. The attackers have threatened to publish the entire database dump within 14–15 days if their ransom demands of $5,000 are not met.

About Instadriver

Instadriver, launched in 2020 and headquartered in Nairobi, Kenya, aims to bridge the gap between reliable employers and skilled drivers. The platform facilitates quick and efficient hiring processes, allowing employers to connect with verified drivers in under 10 minutes. Instadriver also incorporates social media elements tailored specifically for drivers, enabling them to create professional profiles, network with peers, and access job opportunities. Additionally, the platform offers features that support fleet management for transport companies, enhancing its utility for businesses in the mobility sector.

With a small team of 2 to 10 employees, Instadriver focuses on digitizing and democratizing the driver recruitment process across Africa. The company has received grants but lacks significant investment disclosures, making it a unique player in the driver recruitment market.

Attack Overview

The ransomware attack on Instadriver was orchestrated by Kill Security, a cybercriminal group known for targeting various industries and countries. The attackers claim to have obtained sensitive data from Instadriver and are demanding a ransom of $5,000 to prevent the data from being made publicly available. The compromised data includes drivers' IDs, passport scans, and other private information, posing a significant risk to the affected individuals and the company's reputation.

About Kill Security

Kill Security, also known as KillSec, is a ransomware group that has targeted various industries, including government, manufacturing, defense, professional services, banking, and finance. The group is known for its extensive targeting and significant extortion amounts, ranging from 1,500 EUR to 10,000 EUR. Kill Security uses a variety of communication channels, including Telegram, Session Messenger, and Tox, and conducts its operations using XMR (Monero) cryptocurrency.

The group has been active in carrying out ransomware attacks across multiple countries, including Romania, the United States, Bangladesh, India, and the United Kingdom. Kill Security is tracked and monitored by various cybersecurity platforms, including ID Ransomware and Ransom-DB.

Penetration and Vulnerabilities

While the exact method of penetration used by Kill Security in the Instadriver attack is not publicly disclosed, common vulnerabilities that ransomware groups exploit include weak passwords, unpatched software, and phishing attacks. Given Instadriver's small team and limited resources, it is possible that the company may have had gaps in its cybersecurity defenses, making it an attractive target for threat actors like Kill Security.

• Instadriver Official Website
• Digilogic Africa - Instadriver
• WatchGuard - Kill Security
• ID Ransomware