RansomHub Ransomware Attack Exposes 1.8 TB of inLighten's Sensitive Data
Incident Date:
August 20, 2024
Overview
Title
RansomHub Ransomware Attack Exposes 1.8 TB of inLighten's Sensitive Data
Victim
inLighten
Attacker
Ransomhub
Location
First Reported
August 20, 2024
RansomHub Ransomware Attack on inLighten
InLighten, a leading provider of digital media solutions, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attack, discovered on August 21, has resulted in the theft of 1.8 TB of sensitive data from inLighten's network. RansomHub has threatened to publish the stolen data within the next 1-2 days, raising significant concerns for both the company and its clients.
About inLighten
Founded in 1989 and headquartered in Clarence, New York, inLighten specializes in digital signage, interactive kiosks, and multimedia systems. The company serves over 2,000 organizations, including educational institutions, Fortune 500 companies, and various retail and media entities. InLighten is known for its comprehensive suite of services, which includes content creation, management, and distribution through proprietary software and hardware. Their cloud-based Manager interface allows users to monitor network status, upload content, and manage presentations from any web-enabled device.
Attack Overview
The ransomware attack on inLighten has exposed vulnerabilities in the company's network security. RansomHub claims to have obtained 1.8 TB of sensitive data, which they plan to publish imminently. This breach is particularly concerning given inLighten's role in enabling clients to create, schedule, and broadcast content across private networks. The potential data leak could have far-reaching implications for both inLighten and its extensive client base.
About RansomHub
RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a particular focus on healthcare-related institutions. RansomHub's ransomware strains are written in Golang, a language choice that aligns with recent trends in the ransomware world.
Penetration and Impact
While the exact method of penetration remains unclear, it is likely that RansomHub exploited vulnerabilities in inLighten's network security. The use of Golang in their ransomware strains suggests a sophisticated approach, potentially leveraging advanced techniques to bypass traditional security measures. The impact of this attack is significant, as it not only compromises inLighten's data but also threatens the security and privacy of their clients' information.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.