Ransomware Attack on Austrian Tax Firm by Meow Group: 120GB Data Stolen
Incident Date:
August 27, 2024
Overview
Title
Ransomware Attack on Austrian Tax Firm by Meow Group: 120GB Data Stolen
Victim
WT Gruber Steuerberatung GmbH
Attacker
Meow
Location
First Reported
August 27, 2024
Ransomware Attack on WT Gruber Steuerberatung GmbH by Meow Ransomware Group
WT Gruber Steuerberatung GmbH, a tax consulting firm based in Vöcklabruck, Austria, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow ransomware group. The attack has compromised over 120 GB of highly sensitive and confidential data, posing significant risks to the firm's reputation and the privacy of its clients.
About WT Gruber Steuerberatung GmbH
WT Gruber Steuerberatung GmbH is a well-regarded tax consultancy firm specializing in a wide range of services aimed at individuals and businesses. The firm offers comprehensive accounting services, including bookkeeping, payroll processing, and the preparation of annual financial statements. Additionally, they provide tax advisory services, encompassing income tax, corporate tax, and value-added tax (VAT) consulting. The firm also assists clients with tax optimization strategies to minimize tax liabilities effectively.
Another significant area of expertise for WT Gruber is business formation and restructuring. They guide clients through the process of establishing new businesses, helping to select the appropriate legal structure and preparing necessary documentation. Furthermore, they support businesses in restructuring efforts and planning for business succession. The firm also focuses on financial consulting, offering services such as budget preparation, financial planning, and investment advice.
Attack Overview
The ransomware attack on WT Gruber Steuerberatung GmbH was claimed by the Meow ransomware group via their dark web leak site. The attackers are demanding a ransom of $18,000 in exchange for access to the compromised data. The stolen data includes employee information, client details, scanned payment documents, personal data such as dates of birth and social security numbers, financial and tax documents, and tax payment records for various companies.
About Meow Ransomware Group
Meow Ransomware is a ransomware group that emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and medical research. They employ various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.
Meow Ransomware leaves behind a ransom note named "readme.txt" that instructs victims to contact the group via email or Telegram to negotiate the ransom payment. The group has been identified as the "Anti-Russian Extortion Group," likely due to their targeting of entities in response to the Russia-Ukraine war. A decryption tool called RakhniDecryptor, built upon the leaked Conti v2 source code, has been released by Kaspersky and can be used to decrypt files encrypted by Meow Ransomware.
Vulnerabilities and Impact
WT Gruber Steuerberatung GmbH's extensive handling of sensitive financial and personal data made it an attractive target for the Meow ransomware group. The breach of such extensive and sensitive information poses significant risks to the firm's reputation and the privacy of its clients. The firm's commitment to personalized consultations and tailored solutions for various client segments, including small and medium-sized enterprises (SMEs), freelancers, and professionals in the medical field, further underscores the potential impact of this attack.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.