RansomHouse Ransomware Hits Lake Washington Institute of Technology

Incident Date: July 31, 2024

Overview

Title: RansomHouse Ransomware Hits Lake Washington Institute of Technology
Victim: Lake Washington Institute of Technology
Attacker: RansomHouse
Location: Kirkland, Washington, USA
First Reported: July 31, 2024

RansomHouse Ransomware Attack on Lake Washington Institute of Technology

Lake Washington Institute of Technology (LWTech), a prominent public institute in Kirkland, Washington, has recently fallen victim to a ransomware attack orchestrated by the notorious group known as RansomHouse. The breach, which occurred on June 15, led to the encryption of approximately 200GB of data, significantly compromising the institute's files.

About Lake Washington Institute of Technology

Founded in 1949, LWTech is the only public institute of technology in Washington state. It serves nearly 10,000 students annually, offering a wide range of educational programs, including 12 bachelor's degrees, 42 associate degrees, and 70 professional certificates across 41 areas of study. The institution is particularly noted for its focus on STEM fields (science, technology, engineering, and math). LWTech is committed to inclusivity and diversity, providing various support services to students from underrepresented backgrounds.

Attack Overview

The ransomware attack has severely impacted LWTech's operations. The attackers have provided proof of the data breach but have not yet released the entire dataset, indicating that the disclosure of the stolen data may hinge on ongoing negotiations between the institute and the cybercriminals. LWTech, with a reported revenue of $45.7 million and a workforce of 538 employees, is currently assessing the full scope and impact of the attack.

About RansomHouse

RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" aiming to "minimize the damage" and "bring conflicting parties together." However, their actions are still considered an extortion scheme. RansomHouse has been linked to collaboration with other ransomware groups such as White Rabbit and Hive.

Penetration Tactics

RansomHouse typically exploits vulnerabilities in corporate networks to gain access and steal data. They maintain a data leak site to pressure victims into paying ransoms. The group claims to be "penetration testers" finding vulnerabilities, but their primary goal is to force organizations to pay for their services. The exact method of penetration in the LWTech attack is still under investigation, but it likely involved exploiting existing security weaknesses within the institute's network.
