Instadriver Hit by Ransomware Attack: Sensitive Data at Risk

Incident Date: August 22, 2024


Overview

Title: Instadriver Hit by Ransomware Attack: Sensitive Data at Risk

Victim: Instadriver

Attacker: Killsec

Location: Nairobi, Kenya

First Reported: August 22, 2024

Ransomware Attack on Instadriver by Kill Security

Instadriver, a Kenyan startup operating as a driver-employer marketplace, has recently been targeted by the ransomware group Kill Security. The attack has resulted in the compromise of sensitive data, including drivers' IDs, passport scans, and other private information. The attackers have threatened to publish the entire database dump within 14–15 days if their ransom demands of $5,000 are not met.

About Instadriver

Instadriver, launched in 2020 and headquartered in Nairobi, Kenya, aims to bridge the gap between reliable employers and skilled drivers. The platform facilitates quick and efficient hiring processes, allowing employers to connect with verified drivers in under 10 minutes. Instadriver also incorporates social media elements tailored specifically for drivers, enabling them to create professional profiles, network with peers, and access job opportunities. Additionally, the platform offers features that support fleet management for transport companies, enhancing its utility for businesses in the mobility sector.

With a small team of 2 to 10 employees, Instadriver focuses on digitizing and democratizing the driver recruitment process across Africa. The company has received grants but has not disclosed any significant outside investment, which sets it apart from other players in the driver recruitment market.

Attack Overview

The ransomware attack on Instadriver was orchestrated by Kill Security, a cybercriminal group known for targeting various industries and countries. The attackers claim to have obtained sensitive data from Instadriver and are demanding a ransom of $5,000 to prevent the data from being made publicly available. The compromised data includes drivers' IDs, passport scans, and other private information, posing a significant risk to the affected individuals and the company's reputation.

About Kill Security

Kill Security, also known as KillSec, is a ransomware group that has targeted various industries, including government, manufacturing, defense, professional services, banking, and finance. The group is known for its extensive targeting and significant extortion amounts, ranging from 1,500 EUR to 10,000 EUR. Kill Security uses a variety of communication channels, including Telegram, Session Messenger, and Tox, and conducts its operations using XMR (Monero) cryptocurrency.

The group has been active in carrying out ransomware attacks across multiple countries, including Romania, the United States, Bangladesh, India, and the United Kingdom. Kill Security is tracked and monitored by various cybersecurity platforms, including ID Ransomware and Ransom-DB.

Penetration and Vulnerabilities

While the exact method of penetration used by Kill Security in the Instadriver attack has not been publicly disclosed, the weaknesses ransomware groups most commonly exploit are weak passwords, unpatched software, and phishing. Given Instadriver's small team and limited resources, it is possible that the company had gaps in its cybersecurity defenses, making it an attractive target for threat actors like Kill Security.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, the groups behind them, and their victims. Given the threat actors' sustained and lucrative success so far, ransomware has become the most ubiquitous, and the most financially and informationally damaging, cyber threat facing businesses and organizations today.

The site's data is derived from the hosting choices of real-world threat actors and from a handful of other trackers. While the data has been sanitized, we cannot guarantee that it is 100% accurate. Attack records will be updated as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge that you do so at your own risk.