Ransomware Attack on Lutheran Foundation by Raworld: Key Details
Incident Date:
July 24, 2024
Overview
Title
Ransomware Attack on Lutheran Foundation by Raworld: Key Details
Victim
The Lutheran Foundation
Attacker
Ra World
Location
First Reported
July 24, 2024
Ransomware Attack on The Lutheran Foundation by Raworld
Overview of The Lutheran Foundation
The Lutheran Foundation, a nonprofit organization based in Indiana, USA, is dedicated to advancing Christian faith and mental wellness within communities. The Foundation supports Lutheran congregations and organizations through grants, events, and volunteer initiatives. Their mission includes enhancing volunteer engagement and service delivery, promoting mental health support, and reducing the stigma surrounding mental illness. The Foundation operates with a relatively small workforce, relying on both paid staff and volunteers.
Details of the Ransomware Attack
The Lutheran Foundation has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group known as Raworld. The attackers have compromised a variety of sensitive documents, including legal and financial records, business contracts, and employee-related files. Raworld has announced a schedule for the public release of these documents, with the first batch slated for release on July 25, 2024. This breach poses significant risks to the Foundation's operations and confidentiality, potentially leading to legal and financial repercussions.
About Raworld Ransomware Group
Raworld is an emerging ransomware group that has shown increased activity since early 2024. Originating as a rebranded version of the RA Group, Raworld employs a multi-stage attack process designed for maximum impact. They use double extortion tactics, exfiltrating sensitive data before encryption, and exploit Group Policy Objects for lateral movement. The group has targeted various sectors, including healthcare, finance, manufacturing, and retail, with a primary focus on the United States, Europe, and Southeast Asia.
Penetration and Impact
Raworld's attack on The Lutheran Foundation likely involved exploiting vulnerabilities in the Foundation's cybersecurity infrastructure. The group is known for using a custom version of the Babuk ransomware source code, implementing anti-AV measures, and employing intermittent file encryption to evade detection. The Foundation's reliance on a small workforce and volunteers may have contributed to gaps in their cybersecurity defenses, making them a target for sophisticated ransomware attacks.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.