

Stormous Ransomware Group Targets UAE Government Entities
May 6, 2024
Multiple Jenkins Plugins Vulnerabilities
May 6, 2024
Severity
High
Analysis Summary
The INC Ransom group claims to have targeted the US-Saudi Arabian Business Council, a non-profit organization responsible for connecting enterprises in both nations.
A post dated April 17 on the ransomware gang’s dark web leak website has been modified numerous times. The group stated that its cyberattack against the organization was successful and claimed to have access to a large amount of sensitive data. The financial records, emails, contracts, and agreements, as well as employee personal information, have not yet been made public. The group said that if an agreement cannot be reached, all of this information, as well as much more, will be made public.

To substantiate the claim, the group also shared several documents and scans, such as files and invoices naming organizations that have done business with the council, insurance records, expense reports, and multiple passport scans, one of which seems to be of the current acting general manager of the council.
INC Ransom threatened to release the 200 GB of data in three installments, the first on April 29, the second on May 2, and the third on May 6. The contents of the first two are currently available and can be downloaded. Records relating to council personnel, both past and present, seem to be affected. The World Bank, as well as corporations like Chevron and Exxon Mobil, are included in some of the files. The data also includes a PricewaterhouseCoopers audit from 2023.
The US-Saudi Business Council was founded as a non-profit organization in 1993 as a spin-off of the US-Saudi Arabian Joint Economic Commission, a technical assistance program between the US Department of the Treasury and the Saudi Ministry of Finance and National Economy, according to the council's website.
With 15 victims claimed by the INC Ransom ransomware campaign in April alone, the group has been especially active lately. The ransomware gang has targeted organizations in Europe, Asia, Australia, and the US since it was first discovered in August 2023.
Impact
- Exposure of Sensitive Data
- Financial Loss
- Operational Disruption
Remediation
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Maintain Offline Backups - In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.