Ransomware Attack Hits Ryland Peters & Small and CICO Books, Data Compromised

Incident Date:

August 22, 2024

Overview

Victim

Ryland Peters & Small and CICO Books

Attacker

APT73

Location

London, United Kingdom

First Reported

August 22, 2024

Ransomware Attack on Ryland Peters & Small and CICO Books by APT73

Ryland Peters & Small and CICO Books, renowned independent publishers specializing in beautifully illustrated books, have become the latest victims of a ransomware attack orchestrated by the emerging ransomware group APT73. The attack has compromised 447 MB of sensitive data, including logins, emails, passwords, and important documents, posing a significant risk to the publisher's internal operations and the privacy of their clients and partners.

Company Profile

Ryland Peters & Small and CICO Books are known for their high-quality publications across various genres, including home and garden, food and drink, crafts, health, and children's literature. The company collaborates with top authors, photographers, and stylists to create visually stunning books that inspire creativity and enhance the reader's lifestyle. With an estimated revenue of around $5.5 million, the company operates as a small to medium-sized enterprise with a significant presence in both the UK and international markets.

Attack Overview

The ransomware group APT73 has claimed responsibility for the attack via their dark web leak site, ERALEIGNEWS. The compromised data includes sensitive information such as logins, emails, passwords, and important documents. This breach not only threatens the security of the publisher's internal operations but also poses a significant risk to the privacy of their clients and partners. The attack underscores the increasing vulnerability of creative and independent businesses to sophisticated cyber threats.

About APT73

APT73 is a relatively new ransomware group that has recently surfaced in the cyber threat landscape. The group exhibits similarities to the LockBit ransomware variant, particularly in its data leak site design and operational tactics. APT73 primarily targets organizations through phishing attacks, compromising systems to deploy ransomware. The group operates a TOR-based data leak site named "ERALEIGNEWS" for leaking stolen data, employing a LockBit-styled approach. Despite some amateurish traits, APT73 poses a significant threat to organizations, leveraging sophisticated ransomware tactics reminiscent of established threat actors.

Penetration Tactics

APT73 likely penetrated Ryland Peters & Small and CICO Books' systems through phishing attacks, a common tactic used by ransomware groups to gain initial access. Once inside, the attackers deployed ransomware to encrypt sensitive data and exfiltrated it to their data leak site. The lack of active mirrors for their data leak site indicates a somewhat amateurish approach compared to more established ransomware groups, but the impact of their attacks remains severe.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.