Ransomware Attack Disrupts LRN Corporation's Operations
Incident Date:
August 3, 2024
Overview
Title
Ransomware Attack Disrupts LRN Corporation's Operations
Victim
LRN Corporation
Attacker
Hunters International
Location
First Reported
August 3, 2024
Ransomware Attack on LRN Corporation by Hunters International
LRN Corporation, a prominent American company specializing in ethics and compliance training, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as Hunters International. The attack has led to significant operational disruptions and compromised the company's data and systems.
About LRN Corporation
Founded in 1994, LRN Corporation initially focused on providing legal knowledge and analysis services under the name Legal Research Network. Over time, the company expanded its offerings to include ethics and compliance training, aiming to promote ethical awareness across organizations. LRN's core mission is to help organizations foster ethical cultures that go beyond mere compliance with regulations. The company serves over 30 million learners annually and has a global presence, with offices in New York City, London, and India. LRN's services include analyzing corporate cultures, rewriting codes of conduct, and delivering ethical-compliance education through various mediums.
Attack Overview
The ransomware attack on LRN Corporation was claimed by Hunters International via their dark web leak site. The attack has compromised the company's data and systems, leading to significant operational disruptions. Hunters International has demanded a ransom in exchange for the decryption key needed to restore access to the affected files. The exact amount of the ransom has not been disclosed.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group by law enforcement agencies. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International's ransomware code contains approximately 60% overlap with samples of Hive ransomware version 61, indicating a shared technical lineage. The group's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.
Penetration and Vulnerabilities
While the exact method of penetration used by Hunters International to compromise LRN Corporation's systems is not publicly disclosed, it is likely that the group exploited common vulnerabilities such as unpatched software, weak passwords, or phishing attacks. LRN Corporation's extensive global operations and large-scale data handling make it a lucrative target for ransomware groups. The company's focus on ethics and compliance training, while crucial, may not have been sufficient to prevent sophisticated cyber threats like those posed by Hunters International.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.