KQ has yet again suffered another ransomware attack, this time from a notorious group called Ransomexx. The airline has so far suffered two ransomware attacks, the first being the attack by Medusa, which leaked a considerable amount of private information.
Who is Ransomexx?
Ransomexx is the group responsible for the ransomware attack targeting Kenya Airways (KQ). The group has been operating since 2018 and came into the limelight in 2020 after attacking high-profile organizations and posting their leaks on its dark web site.
The group, being one of the newest players, has been responsible for ransomware attacks on Linux, Ferrari Starhub, Gigabyte, Aljaber Engineering, and Admila ELAP among others.
The group uses the following methodology to compromise internal servers:
1. Taking advantage of unpatched systems to gain code execution on the internal servers while staying covert
2. Privilege escalation, where they elevate their privileges and connect to an external command and control (C2) server
3. Payload execution on the servers to perform the intended actions
The notorious group uploaded teasers on the internet of what they had extracted from KQ and posted the full data leak on their dark web site.
The 2GB of leaked data includes: passports, IDs, logbooks, appointment and transfer letters, future plans for the airline, accident reports and investigations, records of passengers who had used the airline, death and funeral announcements, investigation reports and password files, among other very sensitive files.
KQ has not yet released a statement on the attack or confirmed the legitimacy of the leaked files.
The data leak could be an open door to potential cyber threats such as fraud, impersonation, and phishing, among others.
Here are a few steps to avoid ransomware attacks (credits to Alvin Gitonga):
This is a developing story; stay tuned to Gizmunch for updates.
Thank you for reading. Keep it GizMunch.
Great publication!
Insightful and informative, this is an excellent piece bro