Khoo and Company Hit by Cicada3301 Ransomware Attack

Incident Date: August 31, 2024


Overview

Title: Khoo and Company Hit by Cicada3301 Ransomware Attack

Victim: Khoo and Company, Inc

Attacker: Cicada 3301

Location: San Francisco, USA; California, USA

First Reported: August 31, 2024

Ransomware Attack on Khoo and Company, Inc.

Khoo and Company, Inc., a professional services firm based in San Francisco, California, specializing in accounting, tax compliance, and advisory services, has fallen victim to a ransomware attack by the cybercriminal group Cicada3301. The attack, disclosed on August 31, 2024, has compromised 150 units of data from the firm's systems, causing significant operational disruptions.

About Khoo and Company, Inc.

Founded in 2001 by Eng Kuan Khoo, CPA, Khoo and Company, Inc. operates with a small but highly qualified team of tax professionals. The firm offers a comprehensive suite of services aimed at assisting both individuals and businesses in navigating the complexities of U.S. and international tax regulations. Their services include tax preparation, planning, consulting, bookkeeping, financial statement preparation, and business advisory services. The firm is known for its personalized approach, ensuring that each client's unique circumstances are taken into account.

Attack Overview

The ransomware attack by Cicada3301 has compromised sensitive data from Khoo and Company's systems. The breach threatens to undermine the trust and reliability that the firm has built with its clients over the years. The attack has exposed vulnerabilities in the firm's cybersecurity measures, highlighting the need for enhanced defenses against sophisticated cyber threats.

About Cicada3301

Cicada3301 is a new threat actor group that emerged in June 2024. Unlike traditional ransomware groups, Cicada3301 operates as a data broker, focusing on stealing sensitive data and selling it on dark web marketplaces. The group distinguishes itself by leveraging the threat of releasing stolen data to pressure organizations, although its main intent is to profit from selling the data rather than extorting ransom payments directly from the victims.

Penetration and Impact

While the exact method of penetration remains unclear, it is likely that Cicada3301 exploited vulnerabilities in Khoo and Company's cybersecurity infrastructure. The attack has caused significant operational disruptions, posing severe risks to the firm's reputation, financial stability, and client trust. The exposure of sensitive data can lead to identity theft, corporate espionage, regulatory penalties, and loss of customer trust, making the attack particularly harmful and enduring.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and the most financially and informationally impactful, cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.