Ransomware Attack on Unita Turism by MEOW Group Exposes Risks

Incident Date: October 11, 2024


Overview

Title: Ransomware Attack on Unita Turism by MEOW Group Exposes Risks

Victim: Unita Turism

Attacker: Meow

Location: Timișoara, Romania

First Reported: October 11, 2024

Ransomware Attack on Unita Turism: A Closer Look at the MEOW Ransomware Group's Latest Target

Unita Turism, a leading player in Romania's hospitality sector, has recently fallen victim to a ransomware attack orchestrated by the MEOW ransomware group. This incident highlights the vulnerabilities faced by companies in the hospitality industry, particularly those with extensive data handling and customer service operations.

Unita Turism: A Pillar in Romanian Hospitality

Established in 1991 and headquartered in Timișoara, Romania, Unita Turism operates a diverse chain of 13 hotels across nine cities. The company caters to a wide range of tourism sectors, including business, leisure, and wellness tourism. With a total accommodation capacity exceeding 4,000 rooms, Unita Turism is known for its commitment to high-quality service and international hospitality standards. The company also provides travel booking and intermediation services, making it a comprehensive service provider in the tourism industry.

Details of the Ransomware Attack

The MEOW ransomware group claims to have exfiltrated 117 GB of sensitive data from Unita Turism. This breach includes a wide array of confidential information such as employee and client data, banking documents, tax declarations, and personal details like passport scans. The attackers are demanding a ransom of $40,000, marketing the stolen data as valuable for hospitality professionals and business analysts. The breach underscores the potential vulnerabilities in Unita Turism's data protection measures, despite the company's adherence to GDPR regulations.

MEOW Ransomware Group: A Persistent Threat

Emerging in late 2022, the MEOW ransomware group is associated with the Conti v2 ransomware variant. Known for targeting industries with sensitive data, the group employs various infection methods, including phishing emails and exploitation of RDP vulnerabilities. MEOW distinguishes itself by maintaining a data leak site where it lists victims who have not paid the ransom. The group uses a combination of the ChaCha20 and RSA-4096 algorithms to encrypt data, leaving behind a ransom note instructing victims to contact the group for negotiations.

Potential Vulnerabilities and Penetration Methods

Given Unita Turism's extensive data handling operations, the company is an attractive target for ransomware groups like MEOW. The attack could have been facilitated through phishing emails or by exploiting vulnerabilities in remote access protocols. Despite the company's commitment to data protection, the breach indicates potential gaps in its cybersecurity defenses, which may have been exploited by the attackers.
