Sonoma Court Hit by Meow Ransomware Exposing Sensitive Data

Incident Date: October 8, 2024

Overview

Victim: The Superior Court of California, County of Sonoma

Attacker: Meow

Location: Santa Rosa, USA; California, USA

First Reported: October 8, 2024

Ransomware Attack on Sonoma County Superior Court by Meow Group

The Superior Court of California, County of Sonoma, has become the latest victim of a ransomware attack, reportedly orchestrated by the Meow ransomware group. This attack highlights the vulnerabilities faced by governmental institutions in the digital age, particularly those handling sensitive legal data.

Victim Profile: Sonoma County Superior Court

The Superior Court of California, County of Sonoma, is a pivotal judicial entity within the state, responsible for adjudicating a wide range of cases, including civil, criminal, family, probate, and juvenile matters. Located in Santa Rosa, California, the court operates from multiple facilities, including the Hall of Justice and the Civil and Family Law Courthouse. The court is known for its commitment to modernization, having implemented a web-based case management system to streamline operations and enhance accessibility. Despite these advancements, the court's reliance on digital systems may have exposed it to cyber threats.

Details of the Ransomware Attack

The Meow ransomware group claims to have exfiltrated approximately 5 GB of sensitive data from the court's systems. This data reportedly includes employee records, client details, scanned payment documents, personal information such as Social Security numbers, and criminal records. The attackers have set a ransom of $20,000 for exclusive access to the data, with an alternative offer to sell it to multiple buyers for $100,008. The breach could have significant implications for the court's operations and the privacy of individuals involved in its cases.

Meow Ransomware Group: A Persistent Threat

Emerging in late 2022, the Meow ransomware group is associated with the Conti v2 ransomware variant. Known for targeting industries with sensitive data, the group employs various infection methods, including phishing emails and exploiting Remote Desktop Protocol vulnerabilities. Meow distinguishes itself by maintaining a data leak site where it lists victims who have not paid the ransom. The group has been particularly active in the United States, with a focus on sectors like healthcare and government.

Potential Vulnerabilities and Penetration Methods

The attack on the Sonoma County Superior Court underscores the vulnerabilities inherent in digital transformation efforts. While the court's adoption of a web-based case management system enhances efficiency, it also presents potential entry points for cybercriminals. The Meow group likely exploited these vulnerabilities through sophisticated techniques, such as phishing or exploiting unpatched software, to gain access to the court's sensitive data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.