RansomHouse Strikes ABS-CBN with Data Exfiltration Attack

Incident Date:

May 17, 2024

Overview

Victim

ABS-CBN Broadcasting

Attacker

RansomHouse

Location

Pacoima, Philippines

First Reported

May 17, 2024

Ransomware Attack on ABS-CBN by RansomHouse

Victim Overview

ABS-CBN Corporation, a leading media and entertainment company based in Quezon City, Philippines, was targeted by a ransomware attack orchestrated by the cybercriminal group RansomHouse. ABS-CBN is known for its extensive media offerings, including television and radio broadcasting, cinema, cable channels, music production, and distribution. The company operates globally and has a significant presence in various regions.

Attack Details

The attackers exfiltrated 500 GB of data from ABS-CBN's systems. The specific types of data exfiltrated were not disclosed, but the attack used ransomware as its method.

Ransomware Group Profile: RansomHouse

RansomHouse is a unique data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead steals sensitive data from victims and threatens to publicly release it if a ransom is not paid. The group positions itself as a force for good, aiming to highlight companies that neglect their security measures.

How the Attack Occurred

RansomHouse distinguishes itself by focusing on data exfiltration rather than encryption. The group likely gained access to ABS-CBN's systems by exploiting weaknesses in the company's security measures, then stole sensitive data. The attackers then used ransomware as a means to extort the company for payment.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors’ lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.