RansomHub Ransomware Attack Threatens City of Newcastle, Washington's Data Security

Incident Date: July 18, 2024

Overview

Victim: The City of Newcastle, Washington

Attacker: RansomHub

Location: Newcastle, USA; Washington, USA

First Reported: July 18, 2024

RansomHub Claims Ransomware Attack on The City of Newcastle, Washington

Overview of the Attack

The City of Newcastle, Washington, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group RansomHub. The attackers have claimed possession of the city's confidential data and have issued a stark warning. They have threatened to publish or sell the stolen data if the city does not respond to their demands. The message from RansomHub suggests that the city should contact individuals named Rob Roscoe or Tiffany Woods for further instructions and insurance details. The hackers have set a timer, after which they plan to release a series of damaging articles to the media, promising wide publicity and significant harm to the city's reputation.

About The City of Newcastle

The City of Newcastle, Washington, is a vibrant community that blends urban convenience with a small-town atmosphere. Incorporated in 1994, the city is located in King County and has a population of approximately 12,902 residents as of 2022. Newcastle operates under a Mayor-Council system, providing essential services such as public safety, public works, parks and recreation, and community development. The city is well-known for its rich history as a former coal mining hub and has evolved into a desirable residential area that prioritizes community engagement and quality of life.

RansomHub: The Ransomware Group

RansomHub is a relatively new ransomware group that has recently emerged in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. RansomHub's ransomware strains are written in Golang, a relatively new trend in the ransomware world.

Potential Vulnerabilities

The City of Newcastle's reliance on digital infrastructure for its administrative functions and public services makes it a prime target for ransomware attacks. The city's website, http://www.newcastlewa.gov, serves as a central hub for residents to access various services, including permits, job postings, and community news updates. This digital dependency, coupled with the city's commitment to community engagement and public events, may have exposed vulnerabilities that RansomHub exploited to penetrate the city's systems.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.