Small but Significant: Ransomware Attack on New York's Legislative Bill Drafting Commission
Incident Date:
April 26, 2024
Overview
Title
Small but Significant: Ransomware Attack on New York's Legislative Bill Drafting Commission
Victim
Legislative Bill Drafting Commission
Attacker
Play
Location
First Reported
April 26, 2024
Ransomware Attack on New York's Legislative Bill Drafting Commission by Play Group
Overview of the Attack
The Legislative Bill Drafting Commission (LBDC) of New York, a key entity in the legislative process, was recently targeted by a ransomware attack attributed to the Play ransomware group. The group claimed responsibility for infiltrating the LBDC's systems and exfiltrating sensitive data.
The attack involved the deployment of ransomware, leading to the encryption of critical data and systemsThe stolen data reportedly includes a wide array of sensitive information ranging from client documents and payroll details to contracts and financial records.
Profile of the Victim: Legislative Bill Drafting Commission
The LBDC, located in Albany, New York, is instrumental in drafting legislation for the state. With fewer than 25 employees and an annual revenue of less than $5 million, the commission plays a crucial role in the legislative framework, making it a significant target for cybercriminals looking to disrupt governmental operations.
Vulnerabilities and Target Attractiveness
The victim's small size and the critical nature of its operations make it an attractive target for ransomware groups like Play. The commission's involvement in handling sensitive legislative documents and data can provide high leverage for cybercriminals seeking ransom payments.
Sources
- SentinelOne Labs: Hypervisor Ransomware - Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers
- Sophos News: Press and Pressure - Ransomware Gangs and the Media
- TechTarget: Definition of Ransomware
- UK Parliament Publications: National Security Strategy
- Checkpoint Cyber Hub: Ransomware
- Medium: APT73 EraLeig News - Unveiling New Ransomware Group
```
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.