Ransomware Attack on Popular Mental Wellness App Level SuperMind by KillSec
Incident Date:
August 22, 2024
Overview
Title
Ransomware Attack on Popular Mental Wellness App Level SuperMind by KillSec
Victim
Level SuperMind (level.game)
Attacker
Killsec
Location
First Reported
August 22, 2024
Ransomware Attack on Level SuperMind by Kill Security Group
Level SuperMind, an innovative app designed to enhance mental performance through mindfulness and wellness practices, has fallen victim to a ransomware attack by the notorious Kill Security group. The app, developed by Level Fittech Private Limited, aims to make mental fitness as culturally relevant as physical fitness, offering a comprehensive suite of features to improve focus, creativity, memory, and overall cognitive function.
Company Overview
Founded in 2021 in Mumbai, India, by Harshil Karia, Ranveer Allahbadia, and Ayush Anand, Level SuperMind has quickly gained recognition in the wellness and fitness services sector. The app has been named Google's Best App on Play in India for 2023, reflecting its popularity and positive impact on users. With over 800,000 downloads and an impressive average rating of 4.8 from more than 10,000 consumer ratings, the app stands out for its use of artificial intelligence to personalize user experiences and gamify engagement.
Attack Overview
The ransomware group Kill Security has claimed responsibility for the attack on Level SuperMind. The group has reportedly exfiltrated sensitive data, including full names, email addresses, passwords, device information, IP addresses, geolocation, payment details, and operational data. The attackers have demanded a ransom of $25,000, with a deadline set for September 5. Kill Security has threatened to publish the stolen data within 14–15 days if their demands are not met.
About Kill Security
Kill Security, also known as KillSec, is a ransomware group known for targeting various industries and countries. The group has been active in sectors such as government, manufacturing, defense, professional services, banking, finance, and sports. They use a variety of communication channels, including Telegram, Session Messenger, and Tox, and prefer Monero (XMR) cryptocurrency for ransom payments. The group is tracked by cybersecurity platforms like ID Ransomware and Ransom-DB.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is likely that Kill Security exploited vulnerabilities in Level SuperMind's cybersecurity infrastructure. Common attack vectors include phishing emails, unpatched software, and weak password policies. Given the sensitive nature of the data exfiltrated, it is evident that the attackers had access to critical systems and databases.
Impact and Implications
This attack highlights the ongoing threat of ransomware to organizations worldwide, particularly those in the software and wellness sectors. The exfiltration of sensitive user data not only jeopardizes the privacy of Level SuperMind's users but also poses significant operational and reputational risks to the company. As Level SuperMind navigates this crisis, the incident serves as a stark reminder of the importance of comprehensive cybersecurity measures.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.