Meow Ransomware Hits Banx Systems: 15GB Data Stolen

Incident Date: August 6, 2024

Overview

Title: Meow Ransomware Hits Banx Systems: 15GB Data Stolen
Victim: Banx Systems
Attacker: Meow
Location: Auckland, New Zealand
First Reported: August 6, 2024

Banx Systems Targeted by Meow Ransomware Group

Banx Systems, an IT service provider based in Auckland, New Zealand, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow ransomware group. The attack has resulted in the exfiltration of over 15 GB of sensitive data, including client information and financial documents.

About Banx Systems

Banx Systems operates under the domain banx.net.nz and specializes in delivering comprehensive IT solutions tailored to meet the needs of businesses. The company focuses on infrastructure management, proactive monitoring, and support services. Their offerings include IT support and troubleshooting, managed IT services, server and network management, desktop and laptop acquisition, and custom IT solutions. Banx Systems is known for its client-centric approach, emphasizing long-term relationships and customized solutions to support business growth and technological advancements.

Attack Overview

On August 6, the Meow ransomware group announced the breach on their dark web leak site, claiming to have exfiltrated over 15 GB of sensitive data from Banx Systems. The stolen data includes client information, financial documents, and other confidential materials. The group has listed the data for sale, offering exclusive access for $35,000 or multiple buyer access for $12,000. To substantiate their claims, Meow released several documents purportedly obtained during the breach, although some documents do not seem directly linked to Banx Systems.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and is associated with the Conti v2 ransomware variant. The group resurfaced in late 2023 and has been highly active in 2024. They primarily target industries with sensitive data, such as healthcare and medical research. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group leaves behind a ransom note instructing victims to contact them via email or Telegram to negotiate the ransom payment.

Vulnerabilities and Penetration

Banx Systems, like many IT service providers, manages a vast array of sensitive data and IT infrastructure, making it an attractive target for ransomware groups. The company's focus on infrastructure management and proactive monitoring suggests a robust IT environment; however, the attack indicates potential vulnerabilities in its security measures. The Meow ransomware group likely gained access through phishing emails or RDP vulnerabilities, both common vectors for ransomware attacks.
