MetaEncryptor Ransomware Breach Exposes 176 GB of MBE CPAs' Sensitive Data

Incident Date:

June 14, 2024

World map

Overview

Title

MetaEncryptor Ransomware Breach Exposes 176 GB of MBE CPAs' Sensitive Data

Victim

MBE CPAs, LLP

Attacker

MetaEncryptor

Location

Chandler, USA

Arizona, USA

First Reported

June 14, 2024

MetaEncryptor Ransomware Attack on MBE CPAs, LLP

Overview of MBE CPAs, LLP

MBE CPAs, LLP, headquartered in Baraboo, Wisconsin, is a professional accounting firm offering a wide range of financial and advisory services. With an estimated annual revenue of $21.9 million and a workforce of 132 employees, the firm provides services such as tax preparation, auditing, business consulting, and wealth management. MBE CPAs is known for delivering personalized, industry-specific solutions to help clients achieve their financial goals and improve operational efficiency.

Details of the Ransomware Attack

On a recent occasion, MBE CPAs, LLP fell victim to a ransomware attack orchestrated by the MetaEncryptor group. The attackers claim to have exfiltrated 176 GB of sensitive data from the firm's systems. The breach was announced on MetaEncryptor's dark web leak site, raising concerns about the potential exposure of confidential client information.

About MetaEncryptor

MetaEncryptor is a ransomware operation that emerged in August 2022. The group is believed to have rebranded as LostTrust in September 2023, following a hiatus in activity. MetaEncryptor's ransomware is based on the SFile2 encryptor, sharing significant code overlap with LostTrust. The group distinguishes itself by using a data leak site with a template identical to LostTrust's, suggesting a direct lineage between the two operations.

Potential Vulnerabilities and Penetration Methods

While specific details of how MetaEncryptor penetrated MBE CPAs' systems remain undisclosed, common vulnerabilities in the accounting sector include outdated software, weak password policies, and insufficient network segmentation. Given MetaEncryptor's history, it is likely that the group exploited one or more of these vulnerabilities to gain access to the firm's data.

Implications for MBE CPAs, LLP

The attack on MBE CPAs underscores the growing threat of ransomware to professional services firms. The potential exposure of sensitive financial data could have severe repercussions for the firm's clients and its reputation. This incident highlights the critical need for robust cybersecurity measures in the accounting industry.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.