RansomHouse Strikes ABS-CBN with Data Exfiltration Attack
Incident Date: May 17, 2024
Overview
Victim: ABS-CBN Broadcasting
Attacker: RansomHouse
Location:
First Reported: May 17, 2024
Ransomware Attack on ABS-CBN by RansomHouse
Victim Overview
ABS-CBN Corporation, a leading media and entertainment company based in Quezon City, Philippines, was targeted by a ransomware attack orchestrated by the cybercriminal group RansomHouse. ABS-CBN is known for its extensive media offerings, including television and radio broadcasting, cinema, cable channels, music production, and distribution. The company operates globally and has a significant presence in various regions.
Attack Details
The attackers exfiltrated 500 GB of data from ABS-CBN's systems. The specific types of data exfiltrated were not disclosed, but the attack utilized ransomware as the method of choice.
Ransomware Group Profile: RansomHouse
RansomHouse is a unique data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead steals sensitive data from victims and threatens to publicly release it if a ransom is not paid. The group positions itself as a force for good, aiming to highlight companies that neglect their security measures.
How the Attack Occurred
RansomHouse distinguishes itself by focusing on data exfiltration rather than encryption. The group likely penetrated ABS-CBN's systems by exploiting weaknesses in the company's security measures to steal sensitive data. The attackers then used ransomware as a means to extort the company for payment.