KillSec Ransomware Hits Warsaw Notaries, Data Compromised
Incident Date:
August 4, 2024
Overview
Title
KillSec Ransomware Hits Warsaw Notaries, Data Compromised
Victim
Izba Notarialna Warszawie
Attacker
Killsec
Location
First Reported
August 4, 2024
Ransomware Attack on Warsaw Chamber of Notaries by KillSec
The Warsaw Chamber of Notaries, known as Izba Notarialna w Warszawie, has recently fallen victim to a ransomware attack orchestrated by the notorious group KillSec. This attack has compromised a significant amount of sensitive data, including contracts, events, staff information, and financial records stored on the organization's servers.
About the Victim
Izba Notarialna w Warszawie is a professional organization that brings together notaries operating within the jurisdiction of a specific appellate court district. The Chamber currently comprises 733 notaries who conduct their activities either individually or in partnerships across 504 notarial offices. The Chamber serves as a regulatory and representative body for its members, ensuring adherence to legal and ethical standards in their professional activities.
Notaries in Poland, including those associated with the Warsaw Chamber, perform crucial functions such as drafting notarial deeds, authenticating documents, certifying signatures, and providing legal advice related to the preparation of documents and the execution of legal transactions. The Chamber also oversees the notarial training program, ensuring that aspiring notaries acquire the necessary knowledge and skills to perform their duties effectively.
Attack Overview
The ransomware group KillSec has claimed responsibility for the attack on the Warsaw Chamber of Notaries via their dark web leak site. The attackers have breached the notariusze.waw.pl domain, compromising a wide array of sensitive data. KillSec is demanding a ransom of 10,000 EUR in exchange for wiping the stolen data and preventing its potential misuse or exposure.
About KillSec
KillSec, also known as Kill Security, is a ransomware group that has targeted various industries and countries. The group has been active in carrying out ransomware attacks, with known victims in sectors such as government, manufacturing, defense, professional services, banking & finance, and sports & gaming. KillSec uses a variety of communication channels, including Telegram, Session Messenger, and Tox, and demands ransom payments in Monero (XMR) cryptocurrency.
Penetration and Vulnerabilities
While the exact method of penetration used by KillSec in this attack is not publicly disclosed, ransomware groups typically exploit vulnerabilities such as outdated software, weak passwords, and phishing attacks. The Warsaw Chamber of Notaries, like many organizations, may have been vulnerable due to insufficient cybersecurity measures, making it an attractive target for threat actors like KillSec.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.