Ransomware Attack by DonutLeaks Compromises All-Mode Communications' Systems

Incident Date: July 18, 2024

Overview

Victim: All-Mode Communications

Attacker: DonutLeaks

Location: Freeville, USA; New York, USA

First Reported: July 18, 2024

Ransomware Attack on All-Mode Communications by DonutLeaks

Overview of All-Mode Communications

All-Mode Communications, Inc., based in Freeville, New York, has been a cornerstone in the telecommunications sector since 1972. Specializing in designing and installing voice, video, and data solutions, the company serves businesses in the Central New York region. Despite its small size, with approximately five employees, All-Mode has built a reputation for providing high-quality, customized communication systems. Their offerings include both premise and cloud-based VoIP phone systems, cabling infrastructure, trunking services, and data networking solutions.

Details of the Ransomware Attack

All-Mode Communications recently fell victim to a ransomware attack orchestrated by the cybercriminal group DonutLeaks. The attack has compromised the company's data and systems, potentially leading to significant operational disruptions and financial losses. While the specifics of the ransom demand and the extent of the data breach are yet to be disclosed, the incident highlights the growing threat of ransomware attacks on small and medium-sized businesses.

About DonutLeaks Ransomware Group

DonutLeaks is a data extortion group first detected in August 2022. Known for its double-extortion tactics, the group both encrypts files and leaks stolen data to extort victims. It uses customized ransomware that scans for specific file extensions to encrypt and renames encrypted files with the ".d0nut" extension. The group maintains a site where stolen data is stored and can be browsed and downloaded by visitors. DonutLeaks is also known for its theatrical ransom notes and data leak site, which feature interesting graphics, humor, and ASCII art.

Potential Vulnerabilities and Penetration Methods

Given All-Mode Communications' small size and limited resources, the company may have been particularly vulnerable to sophisticated cyberattacks. Small businesses often lack the robust cybersecurity measures that larger enterprises can afford, making them attractive targets for ransomware groups like DonutLeaks. The exact method of penetration remains unclear, but common vectors include phishing emails, unpatched software vulnerabilities, and weak network security protocols.
