RansomEXX Ransomware Hits Brontoo Tech, 3.6GB Data Stolen

Incident Date: August 10, 2024

Overview

Title: RansomEXX Ransomware Hits Brontoo Tech, 3.6GB Data Stolen
Victim: Brontoo Technology Solutions
Attacker: RansomEXX
Location: Navi Mumbai, India
First Reported: August 10, 2024

RansomEXX Ransomware Attack on Brontoo Technology Solutions

Brontoo Technology Solutions, a software development and IT consulting firm based in India, has recently fallen victim to a ransomware attack orchestrated by the notorious group RansomEXX. The attack has resulted in the exfiltration of 3.6GB of highly sensitive data, including financial records, customer information, and partner credentials.

About Brontoo Technology Solutions

Founded in 2015, Brontoo Technology Solutions is a small to medium-sized enterprise (SME) specializing in custom software development, IT consulting, and digital transformation services. The company is known for its client-centric approach, leveraging technology to drive innovation and growth for businesses across various industries. Brontoo's partnerships with leading technology providers like Microsoft, AWS, and Google Cloud Platform further enhance its service offerings.

Details of the Attack

The ransomware attack on Brontoo Technology Solutions has led to the compromise of a wide array of data. This includes financial records such as bank account details, transactions, and loan information, as well as customer and user information, partner credentials, and extensive transactional data. The breach also involves system logs, error reports, and insurance and audit information, highlighting the significant potential impact on both the company's financial operations and the personal privacy of its stakeholders.

About RansomEXX

RansomEXX, also known as Sprite Spider, is a ransomware group that has been active since 2018. The group is known for targeting both Windows and Linux environments and employs a tactic known as "double extortion," where stolen data is published on their dark web leak site if the ransom is not paid. RansomEXX has been involved in high-profile attacks on major corporations and government agencies worldwide, including the Texas Department of Transportation and Ferrari.

Penetration and Vulnerabilities

RansomEXX employs sophisticated techniques to infiltrate and spread within target networks. These methods include compromised Remote Desktop Protocol (RDP) access, phishing campaigns, exploiting vulnerabilities, and leveraging tools like Pyxie, Cobalt Strike, and Vatet for post-compromise activities. The specific vulnerabilities that allowed RansomEXX to penetrate Brontoo Technology Solutions' systems have not been publicly disclosed, but the attack underscores the importance of vigilant cybersecurity measures.
