Star Taxi Romania Hit by KillSec Ransomware, Client Data at Risk

Incident Date:

August 14, 2024

World map

Overview

Title

Star Taxi Romania Hit by KillSec Ransomware, Client Data at Risk

Victim

Star Taxi Romania

Attacker

Killsec

Location

București, Romania

, Romania

First Reported

August 14, 2024

Ransomware Attack on Star Taxi Romania by KillSec

Star Taxi, a leading Romanian taxi service app, has fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group KillSec. The attack has compromised sensitive data, including client and invoice information, with the attackers demanding a ransom of $5,000.

About Star Taxi

Founded in 2012, Star Taxi has revolutionized the taxi service industry in Romania by offering a mobile application that simplifies the process of booking a taxi. The app allows users to order a taxi with just a few taps, track their ride in real-time, and communicate directly with drivers. With over five million downloads, Star Taxi operates in several major Romanian cities, including Bucharest, Cluj-Napoca, and Timișoara. The company has hundreds of registered drivers and has established itself as a significant player in the Romanian transportation sector.

Attack Overview

KillSec, a ransomware group known for targeting various industries and countries, has claimed responsibility for the attack on Star Taxi. The group has posted sample screenshots of the exfiltrated data on their Dark Web portal and has threatened to release the full dataset within 15 to 16 days if their ransom demand is not met. The compromised data includes sensitive client and invoice information, posing a significant risk to the privacy and security of Star Taxi's users.

About KillSec

KillSec, also known as Kill Security, is a ransomware group that has targeted multiple sectors, including government, manufacturing, and finance, across various countries. The group is known for its use of sophisticated communication methods, including Telegram and TOR, and demands ransom payments in Monero (XMR) cryptocurrency. KillSec has been active in carrying out ransomware attacks with extortion amounts ranging from 1,500 EUR to 10,000 EUR.

Potential Vulnerabilities

While the exact method of penetration remains unclear, it is likely that KillSec exploited vulnerabilities in Star Taxi's IT infrastructure. Common attack vectors include phishing emails, unpatched software, and weak security protocols. Given the nature of the data compromised, it is evident that Star Taxi's cybersecurity measures were insufficient to prevent such an attack.

Implications and Next Steps

The attack on Star Taxi highlights the growing threat of ransomware to businesses of all sizes. Companies must prioritize effective cybersecurity measures to protect sensitive data and mitigate the risk of such attacks. As Star Taxi navigates this crisis, it will be crucial for them to enhance their security protocols and work with cybersecurity experts to prevent future breaches.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.