onyx attacks Jasper County Sheriff's Office
Incident Date:
April 29, 2022
Overview
Title
onyx attacks Jasper County Sheriff's Office
Victim
Jasper County Sheriff's Office
Attacker
Onyx
Location
First Reported
April 29, 2022
Onyx Ransomware Attack on Jasper County Sheriff's Office
Victim Profile
The Jasper County Sheriff's Office, a key law enforcement agency in Jasper County, Indiana, has recently fallen victim to a cyberattack. This agency plays a crucial role in maintaining public safety and order, offering resources and services such as severe weather preparedness and emergency notifications on their website.
Ransomware Overview
Onyx, a ransomware strain identified in April 2022, is believed to be a derivative of Chaos ransomware, with similarities to Conti ransomware. It employs a double extortion tactic, threatening to publish stolen and encrypted data unless a ransom is paid, exacerbating the potential damage to its victims.
Attack Impact
Distinctively, Onyx ransomware inflicts harm by overwriting data with random junk, rendering a significant portion of the victim's data irrecoverable. This approach complicates data recovery efforts, even with the payment of a ransom and the provision of a decryption tool.
Vulnerabilities and Mitigation
While the exact method of attack by Onyx remains unspecified, potential vectors include social engineering, phishing, spam emails, or malicious attachments. Organizations are advised to adopt a comprehensive security strategy that includes anti-malware defenses, network monitoring, regular security assessments, employee training, and effective backup and recovery protocols to mitigate the risk of ransomware attacks.
Sources
- Jasper County Sheriff's Office Website: http://jaspercountypolice.com
- ManageEngine: The ransomware strain that exploits even 2MB files: Onyx
- SentinelOne: Onyx - SentinelOne
- Logstail: Onyx Ransomware: What is it and how to Face it
- eSecurityPlanet: Onyx Ransomware Destroys Large Files Instead of Locking Them
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.