Ransomware Attack Hits Bucharest's STB SA, KillSec Demands Ransom

Incident Date:

July 30, 2024

Overview

Victim

Societatea de Transport București STB SA

Attacker

KillSec

Location

București, Romania

First Reported

July 30, 2024

Ransomware Attack on Societatea de Transport București STB SA by KillSec

Societatea de Transport București STB SA, the primary public transportation operator in Bucharest, Romania, has recently fallen victim to a ransomware attack orchestrated by the notorious group KillSec. The attack compromised the company's website, STB.ro, and the cybercriminals are demanding a ransom of 5000 EUR in exchange for erasing the breached data.

About Societatea de Transport București STB SA

STB SA is a significant entity in the transportation sector, responsible for public transport in Bucharest and Ilfov County. Established in 2019 after reorganizing the former Regia Autonomă de Transport București (RATB), the company aims to enhance public transport services and modernize existing infrastructure. STB SA operates an extensive network of buses, trams, and trolleybuses, serving approximately 1.18 million rides daily. The company employs over 10,001 individuals and generates an annual revenue of around $290.6 million.

Attack Overview

The ransomware group KillSec has claimed responsibility for the attack on STB SA via their dark web leak site. The breach has put significant pressure on the public transport operator to comply with the ransom demands to prevent further data compromise. The attack has highlighted vulnerabilities in STB SA's digital infrastructure, particularly in their online services, which include mobile applications and online ticket purchasing systems.

About KillSec

KillSec, also known as Kill Security, is a ransomware group that targets various industries, including government, manufacturing, defense, professional services, banking, and finance. The group has been active in multiple countries, including Romania, the United States, Bangladesh, India, and the United Kingdom. KillSec is known for its use of sophisticated communication methods, including Telegram, Session Messenger, and Tox, and it demands ransom payments in Monero (XMR) cryptocurrency.

Penetration and Distinguishing Features

KillSec distinguishes itself through its extensive targeting and significant extortion amounts, which can range from 1,500 EUR to 10,000 EUR. The group likely penetrated STB SA's systems through vulnerabilities in their digital infrastructure, possibly exploiting weaknesses in their online services or through phishing attacks. The lack of a decryptor for KillSec ransomware further complicates the situation for victims, making it challenging to recover encrypted data without paying the ransom.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous, and the most financially and informationally impactful, cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.