Malware
ARRL Confirms Explosive Cyberattack: Ransomware Gang Successfully Steals Crucial Data
The American Radio Relay League (ARRL) has confirmed that a ransomware attack in April resulted in cybercriminals stealing sensitive data. The incident highlights the importance of strong cybersecurity measures and regular data backups for organizations to prevent such attacks and protect sensitive information.
ARRL Confirms Data Breach Following Ransomware Attack
The American Radio Relay League (ARRL) recently confirmed that some of its employees’ data was stolen during a ransomware attack in May. Initially described as a “serious incident,” the ARRL, the National Association for Amateur Radio, has since sent data breach notifications to impacted individuals.
On May 14, the attackers breached and encrypted ARRL’s computer systems, prompting the organization to take the impacted systems offline. They also sought external forensic experts to assess the attack’s impact.
A “Sophisticated Ransomware Incident”
In early June, it was revealed that a “malicious international cyber group” had perpetrated a “sophisticated network attack” on the ARRL’s systems. The organization informed individuals whose data was stolen that the unauthorized third party may have acquired their personal information during the incident.
The ARRL has taken all reasonable steps to prevent the further publication or distribution of the stolen data and is working with federal law enforcement to investigate the matter. Impacted data may have included personal information such as names, addresses, and social security numbers.
In a filing with the Office of Maine’s Attorney General, the organization claims that this data breach only affected 150 employees.
Free Identity Monitoring Offered
Although the ARRL has found no evidence that the stolen personal information was misused, they have decided to provide those impacted by this data breach with 24 months of free identity monitoring through Kroll. This decision was made out of “an abundance of caution.”
Who’s Behind the Attack?
The ARRL has not linked the attack to a specific ransomware gang, but sources informed IT Services that the Embargo ransomware operation was responsible for the incident. The group first surfaced in May and has since added only eight victims to its dark web leak site. Some have already been removed, likely because they paid a ransom. However, the ARRL has yet to be listed.
In the breach notifications, the ARRL stated that they have taken “all reasonable steps to prevent your data from being further published or distributed.” This statement suggests that a ransom may have been paid to prevent the data from being leaked.
Firstmac Limited, the largest non-bank lender in Australia, is one of the victims who had over 500GB of stolen data leaked on Embargo’s website.
What’s Next?
As ransomware attacks continue to increase in frequency and sophistication, it’s essential for individuals and organizations to be vigilant and proactive in their cybersecurity efforts. If you want to learn more about protecting your data and staying ahead of cyber threats, we invite you to contact us and keep coming back for the latest information and insights.