The Register: SafePay ransomware gang claims Microlise attack that disrupted prison van tracking

Source URL: https://www.theregister.com/2024/11/22/safepay_microlise/
Source: The Register
Title: SafePay ransomware gang claims Microlise attack that disrupted prison van tracking

Feedly Summary: Fledgling band of crooks says it stole 1.2 TB of data
The new SafePay ransomware gang has claimed responsibility for the attack on UK telematics biz Microlise, giving the company less than 24 hours to pay its extortion demands before leaking data.…

AI Summary and Description: Yes

Summary: The text reports on a ransomware attack by the newly emerged SafePay gang against UK telematics company Microlise, and on the knock-on disruption for Microlise's customers, including major corporations and public-sector contracts such as prisoner-transport tracking. The incident illustrates how a compromise at one supplier of fleet-tracking services can affect many downstream organisations at once.

Detailed Description: The report focuses primarily on the ransomware attack perpetrated by the SafePay gang, which has claimed responsibility for targeting Microlise, a telematics service provider. Here are the key points and insights:

– **Incident Overview**:
– SafePay claims to have stolen 1.2 TB of data from Microlise.
– The gang gave Microlise less than 24 hours to pay before it would leak the data.
– Microlise has confirmed that some of its own data was taken.

– **Impact on Clients**:
– Major customers affected include DHL and Serco, both of which faced operational disruptions. For example, DHL experienced issues with tracking deliveries, while Serco reported temporary disruptions to their monitoring systems for prisoner transport.

– **Ransomware Confirmation**:
– Microlise at first described the event only as a “cyber incident”; the pattern of the disruptions and the company’s later statements led observers to conclude ransomware was involved, and SafePay has now publicly claimed the attack.

– **Response from Microlise**:
– Microlise has issued updates on the incident, saying it is restoring systems and securing its network.
– The company stated that no customer data was affected, while it continues to assess the impact on its operations.

– **Profile of SafePay Gang**:
– SafePay is a new entrant in the ransomware space; researchers at Huntress had counted only 22 victims at the time of their investigation.
– The group used valid, already-existing credentials to get into victim environments and did not create new accounts for persistence.

– **Technical Insights**:
– Tactics included gaining access over Remote Desktop Protocol (RDP) with those credentials and then disabling security software using a known sequence of commands.
– The roughly two-day window between initial data theft and encryption shows how quickly the group moves from access to impact, leaving defenders little time to detect and contain it.
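The two behaviours above, an RDP logon with a valid account followed by defence tampering, are correlatable from ordinary Windows security telemetry. The following is an added example written for this page, not code from The Register article or from Huntress: it runs a simple correlation over constructed logon (4624) and process-creation (4688) records. The internal address ranges and the "disable Defender" command strings are assumptions used as stand-ins; the article does not list the commands SafePay actually used.

```python
# Added example, not from the article: correlate an RDP logon using a valid
# account with later security-tool tampering under the same account on the
# same host. Event records are constructed for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Event:
    ts: datetime
    event_id: int                     # 4624 = logon success, 4688 = process creation
    host: str
    user: str
    logon_type: Optional[int] = None  # 10 = RemoteInteractive (RDP)
    src_ip: Optional[str] = None
    cmdline: Optional[str] = None


# Assumption: the organisation's own address space; anything else is "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Assumption: lower-cased substrings that indicate an attempt to disable endpoint
# defences. These are generic stand-ins, not SafePay's actual command sequence.
TAMPER_MARKERS = (
    "set-mppreference -disablerealtimemonitoring",
    "sc stop windefend",
    "net stop windefend",
)


def is_external(ip: str) -> bool:
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def tamper_marker(cmdline: Optional[str]) -> Optional[str]:
    """Return the first tamper marker found in a command line, or None."""
    cmd = (cmdline or "").lower()
    return next((m for m in TAMPER_MARKERS if m in cmd), None)


def find_rdp_then_tamper(events, window=timedelta(hours=48)):
    """Return one alert per (RDP logon, tamper command) pair where the tamper
    process ran under the same account on the same host within `window` after
    the logon. Internal-source logons are still reported but flagged, so an
    analyst can triage them differently from logons arriving from outside."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for logon in events:
        if logon.event_id != 4624 or logon.logon_type != 10 or not logon.src_ip:
            continue
        for proc in events:
            if proc.event_id != 4688 or proc.host != logon.host or proc.user != logon.user:
                continue
            if not (logon.ts <= proc.ts <= logon.ts + window):
                continue
            marker = tamper_marker(proc.cmdline)
            if marker:
                alerts.append({
                    "host": logon.host,
                    "user": logon.user,
                    "src_ip": logon.src_ip,
                    "external_source": is_external(logon.src_ip),
                    "minutes_to_tamper": int((proc.ts - logon.ts).total_seconds() // 60),
                    "marker": marker,
                })
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Valid service account logs in over RDP from outside, then disables real-time protection.
    Event(datetime(2024, 11, 1, 2, 13), 4624, "FILESRV01", "svc_backup", logon_type=10, src_ip="203.0.113.45"),
    Event(datetime(2024, 11, 1, 2, 20), 4688, "FILESRV01", "svc_backup",
          cmdline='powershell.exe -c "Set-MpPreference -DisableRealtimeMonitoring $true"'),
    # Benign: an admin's RDP session from the office LAN that runs nothing suspicious.
    Event(datetime(2024, 11, 1, 9, 0), 4624, "FILESRV01", "j.admin", logon_type=10, src_ip="10.20.1.7"),
    Event(datetime(2024, 11, 1, 9, 5), 4688, "FILESRV01", "j.admin", cmdline="notepad.exe C:\\notes.txt"),
    # Tampering with no preceding RDP logon on that host: not correlated by this rule.
    Event(datetime(2024, 11, 1, 11, 0), 4688, "APP02", "svc_backup", cmdline="net stop WinDefend"),
]


if __name__ == "__main__":
    for alert in find_rdp_then_tamper(SAMPLE_EVENTS):
        print(alert)
```

Run on the sample data this yields a single alert for FILESRV01: the svc_backup RDP logon from an external address followed seven minutes later by the Defender-disable command. The admin session produces nothing, and the uncorrelated `net stop WinDefend` on APP02 is deliberately left to a separate, host-only rule. In production the same logic would read from a SIEM rather than an in-memory list, and the 48-hour window reflects the short theft-to-encryption timeline described above.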

– **Broader Context**:
– Other reporting describes a growing number of ransomware incidents that, like this one, rely on valid credentials and a weak security posture rather than on novel techniques.
– The practical lesson is that defences against this pattern (multi-factor authentication on remote access, monitoring of RDP logons, and alerting on attempts to disable endpoint protection) need to be kept current as attacker tradecraft changes.

– **Further Considerations**:
– Security teams should check the SafePay behaviours described here (valid-credential RDP access, tampering with security software, and a short interval between data theft and encryption) against their own detection coverage and incident response playbooks.
– Following how ransomware tactics develop helps keep those defences relevant to the next attack rather than the last one.

The incident shows how a compromise at a single telematics supplier can ripple into both private-sector logistics and public-sector services such as prisoner transport, and why security at such suppliers matters to everyone who depends on them.