Underground ransomware claims attack on Casio, leaks stolen data

The Underground ransomware gang has claimed responsibility for an October 5 attack on Japanese tech giant Casio, which caused system disruptions and impacted some of the firm's services.

Earlier this week, Casio disclosed the attack on its website but withheld details about the incident, saying it had engaged external IT specialists to investigate whether personal data or other confidential information was stolen in the attack.

Today, the Underground ransomware group added Casio to its dark web extortion portal, leaking troves of data allegedly stolen from the Japanese firm.

The leaked data includes:

  • Confidential documents (社外秘)
  • Legal documents
  • Personal data of employees
  • Confidential NDAs
  • Employee payroll information
  • Patent information
  • Company financial documents
  • Project information
  • Incident reports

If the above is true, the attack has compromised Casio's workforce data and intellectual property, which could negatively impact its business.

Casio data leaked on Underground ransomware's extortion portal
Source: BleepingComputer

BleepingComputer has contacted Casio again requesting a comment on the threat actors' claims and the data leak, but we have not received a response by publication. Therefore, the threat actor's claims remain unverified.


Underground ransomware overview

According to a Fortinet report from late August 2024, Underground is a relatively small-scale ransomware operation that has been targeting Windows systems since July 2023.

The strain has been associated with the Russian cybercrime group 'RomCom' (Storm-0978), which previously deployed Cuba ransomware on breached systems.

Fortinet reports that during the summer, Underground ransomware operators exploited CVE-2023-36884, a remote code execution flaw in Microsoft Office, likely as an infection vector.

Once a system is breached, the attackers modify the registry to keep disconnected Remote Desktop sessions alive for 14 days, giving them a comfortable window in which to maintain access to the system.

Underground does not append any file extension to encrypted files, and it is configured to skip file types critical to Windows operation so as not to render the system unbootable.

Moreover, it stops the MS SQL Server service so that database files are no longer locked and can be stolen and encrypted, maximizing the attack's impact.


As is the case with most Windows ransomware, Underground deletes Volume Shadow Copies to rule out easy data recovery.
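The three post-compromise behaviours described above (the RDP disconnect-timeout registry change, stopping the SQL Server service, and deleting shadow copies) are all visible in endpoint telemetry. The following is an added detection example, not code from the article or from Fortinet's report: it runs a few rules over constructed Sysmon-style events (Event ID 1 process creation, Event ID 13 registry value set). The article does not name the registry value involved; the assumption here is the standard Windows policy DWORD MaxDisconnectionTime under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services, which is expressed in milliseconds (14 days = 1209600000). The specific command lines, and the tooling used to stop the service and delete shadow copies (net.exe, vssadmin, wmic), are likewise this example's assumptions about common tradecraft, not details the article states.

```python
"""Flag Underground-style post-compromise activity in Sysmon-like events.

Added example with constructed sample events; not the article's or Fortinet's code.
Assumed detail: the RDP idle-disconnect policy lives in the DWORD value
MaxDisconnectionTime (milliseconds) under
HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services.
"""
import re
from dataclasses import dataclass

DAY_MS = 24 * 60 * 60 * 1000
FOURTEEN_DAYS_MS = 14 * DAY_MS          # 1209600000, the "14 days" the article mentions
DISCONNECT_ALERT_MS = 7 * DAY_MS        # anything this long is far beyond a sane idle policy

# Process-creation rules (Sysmon Event ID 1, matched on CommandLine).
REG_DISCONNECT_RE = re.compile(
    r"Terminal Services.*?/v\s+MaxDisconnectionTime\b.*?/d\s+(0x[0-9a-f]+|\d+)", re.I)
SQL_SERVICE_RE = re.compile(
    r"\b(?:net1?|sc)(?:\.exe)?\s+stop\s+\"?(MSSQL(?:SERVER|\$\w+)|SQLSERVERAGENT)\b", re.I)
SHADOW_RE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)
# Registry-set rule (Sysmon Event ID 13); Sysmon logs DWORDs as "DWORD (0x...)".
DWORD_RE = re.compile(r"DWORD\s*\((0x[0-9a-f]+)\)", re.I)
DISCONNECT_VALUE_SUFFIX = "\\terminal services\\maxdisconnectiontime"


@dataclass
class Finding:
    event_id: int
    rule: str
    detail: str


def _parse_int(text: str) -> int:
    """reg.exe accepts decimal or 0x-prefixed hex for /d; Sysmon logs hex."""
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def _disconnect_finding(event_id: int, ms: int, via: str):
    if ms < DISCONNECT_ALERT_MS:
        return None
    days = ms / DAY_MS
    return Finding(event_id, "rdp_disconnect_timeout",
                   f"MaxDisconnectionTime set to {ms} ms ({days:g} days) via {via}")


def analyze(events):
    """Return a list of Findings for the events that match a rule."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:
            cmd = ev.get("CommandLine", "")
            m = REG_DISCONNECT_RE.search(cmd)
            if m:
                f = _disconnect_finding(eid, _parse_int(m.group(1)), "reg.exe")
                if f:
                    findings.append(f)
            m = SQL_SERVICE_RE.search(cmd)
            if m:
                findings.append(Finding(eid, "sql_service_stop",
                                        f"stopped service {m.group(1)}: {cmd}"))
            if SHADOW_RE.search(cmd):
                findings.append(Finding(eid, "shadow_copy_deletion", cmd))
        elif eid == 13:
            target = ev.get("TargetObject", "")
            if target.lower().endswith(DISCONNECT_VALUE_SUFFIX):
                m = DWORD_RE.search(ev.get("Details", ""))
                if m:
                    f = _disconnect_finding(eid, _parse_int(m.group(1)), "registry write")
                    if f:
                        findings.append(f)
    return findings


# Constructed sample events (not real telemetry). 0x48190800 == 1209600000.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" '
                    r'/v MaxDisconnectionTime /t REG_DWORD /d 1209600000 /f'},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime",
     "Details": "DWORD (0x48190800)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net stop MSSQLSERVER /y"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin delete shadows /all /quiet"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe report.txt"},                 # benign
    {"EventID": 1, "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net stop Spooler"},                       # benign: not SQL Server
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[Event {f.event_id}] {f.rule}: {f.detail}")
```

Matching both the reg.exe command line and the resulting Event ID 13 write is deliberate: the registry-set event still fires if the attacker sets the value through a script or an API rather than reg.exe, and the threshold is on the parsed millisecond value rather than the literal 1209600000, so a 10-day or 30-day variant is caught as well.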

Underground's ransom note
Source: Fortinet

An unusual trait of Underground's extortion tactics is that it also leaks the stolen data on Mega, promoting links to the archives hosted there through its Telegram channel, maximizing the exposure and availability of the data.

Underground ransomware's extortion portal currently lists 17 victims, most of them based in the USA.

Whether the Casio attack will be the threat group's breakthrough into the mainstream, followed by a higher attack volume and pace, remains to be seen.
