RansomHub Hits Prasarana Malaysia Berhad: 316 GB Data Stolen in Cyberattack
Incident Date:
August 25, 2024
Overview
Title
RansomHub Hits Prasarana Malaysia Berhad: 316 GB Data Stolen in Cyberattack
Victim
Prasarana Malaysia Bhd
Attacker
Ransomhub
Location
First Reported
August 25, 2024
RansomHub Targets Prasarana Malaysia Berhad in Ransomware Attack
Prasarana Malaysia Berhad, a cornerstone in Malaysia’s public transportation sector, has recently fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 316 GB of data from Prasarana’s internal systems, threatening to publish the stolen information if their ransom demands are not met by September 1st.
About Prasarana Malaysia Berhad
Established in 1998 under the Ministry of Finance, Prasarana Malaysia Berhad is a wholly-owned government entity responsible for managing and enhancing Malaysia's public transportation infrastructure. The company operates key transportation networks, including Light Rail Transit (LRT) systems, the Kuala Lumpur Monorail, and Mass Rapid Transit (MRT) lines. Additionally, Prasarana manages bus services across Kuala Lumpur, Selangor, Penang, and Pahang, serving millions of commuters daily. The company is headquartered in Petaling Jaya, Selangor, and employs approximately 1,783 people.
Attack Overview
The ransomware attack on Prasarana was claimed by RansomHub, a relatively new but increasingly notorious ransomware group. The group has threatened to release the stolen data within six to seven days if their ransom demands are not met. Despite the breach, Prasarana has assured the public that its daily operations, including services under the RapidKL brand, remain unaffected. The company is actively working with cybersecurity experts, the National Cyber Security Agency (Nacsa), and CyberSecurity Malaysia to investigate and mitigate the impact of the attack.
About RansomHub
RansomHub is a ransomware group believed to have roots in Russia, operating as a Ransomware-as-a-Service (RaaS) entity. Affiliates of the group receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare institutions. Their ransomware strains are written in Golang, a language gaining popularity in the ransomware world for its efficiency and versatility.
Potential Vulnerabilities
Prasarana’s extensive and complex IT infrastructure, necessary for managing its vast transportation network, may have presented vulnerabilities that RansomHub exploited. The use of Golang in RansomHub’s ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures. The attack underscores the importance of stringent cybersecurity protocols, especially for critical infrastructure entities like Prasarana.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.