Ransomware Attack on WT Gruber Steuerberatung GmbH by Meow Ransomware Group

WT Gruber Steuerberatung GmbH, a tax consulting firm based in Vöcklabruck, Austria, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow ransomware group. The attack has compromised over 120 GB of highly sensitive and confidential data, posing significant risks to the firm's reputation and the privacy of its clients.

About WT Gruber Steuerberatung GmbH

WT Gruber Steuerberatung GmbH is a well-regarded tax consultancy firm specializing in a wide range of services aimed at individuals and businesses. The firm offers comprehensive accounting services, including bookkeeping, payroll processing, and the preparation of annual financial statements. Additionally, they provide tax advisory services, encompassing income tax, corporate tax, and value-added tax (VAT) consulting. The firm also assists clients with tax optimization strategies to minimize tax liabilities effectively.

Another significant area of expertise for WT Gruber is business formation and restructuring. They guide clients through the process of establishing new businesses, helping to select the appropriate legal structure and preparing necessary documentation. Furthermore, they support businesses in restructuring efforts and planning for business succession. The firm also focuses on financial consulting, offering services such as budget preparation, financial planning, and investment advice.

Attack Overview

The ransomware attack on WT Gruber Steuerberatung GmbH was claimed by the Meow ransomware group via their dark web leak site. The attackers are demanding a ransom of $18,000 in exchange for access to the compromised data. The stolen data includes employee information, client details, scanned payment documents, personal data such as dates of birth and social security numbers, financial and tax documents, and tax payment records for various companies.

About Meow Ransomware Group

Meow Ransomware is a ransomware group that emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and medical research. They employ various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.

Meow Ransomware leaves behind a ransom note named "readme.txt" that instructs victims to contact the group via email or Telegram to negotiate the ransom payment. The group has been identified as the "Anti-Russian Extortion Group," likely due to their targeting of entities in response to the Russia-Ukraine war. A decryption tool called RakhniDecryptor, built upon the leaked Conti v2 source code, has been released by Kaspersky and can be used to decrypt files encrypted by Meow Ransomware.

Vulnerabilities and Impact

WT Gruber Steuerberatung GmbH's extensive handling of sensitive financial and personal data made it an attractive target for the Meow ransomware group. The breach of such extensive and sensitive information poses significant risks to the firm's reputation and the privacy of its clients. The firm's commitment to personalized consultations and tailored solutions for various client segments, including small and medium-sized enterprises (SMEs), freelancers, and professionals in the medical field, further underscores the potential impact of this attack.

• WT Gruber Steuerberatung GmbH Official Website
• SOCRadar - Dark Web Profile: Meow Ransomware
• SalvageData - Meow Ransomware
• WatchGuard - Meow Ransomware
• PCRisk - Meow Ransomware