McDowall Affleck, an Australian engineering firm, has acknowledged being the target of a “cyber incident.” While the company has not identified a specific threat actor, the RansomHub ransomware group claimed responsibility for the McDowall Affleck cyberattack on August 1, 2024.
The alleged perpetrator behind the attack, RansomHub, is a notorious ransomware group known for high-profile attacks. Details of the McDowall Affleck cyberattack were shared on a dark web site linked to the threat actor.
According to RansomHub’s own communication, the group claims to have accessed 470 GB of McDowall Affleck’s internal data. The leaked information reportedly includes critical documents, insurance records, tender and contract details, and personal information of both employees and clients.
RansomHub has threatened to release this data publicly within the next 4-5 days unless their demands are met.
Decoding the McDowall Affleck Cyberattack by RansomHub
A recent update on the RansomHub group’s darknet site provided details about the cyberattack on McDowall Affleck. The entry listed the URL “mcdowallaffleck.com.au” and gave the data size as 470 GB. It also recorded that the page had been visited 11 times, with the last view occurring on August 1, 2024, at 10:31:02. The countdown to potential data release stood at 4 days, 13 hours, 9 minutes, and 57 seconds.
In an exclusive statement to The Cyber Express, a spokesperson for McDowall Affleck addressed the recent cyberattack, saying, “McDowall Affleck recently experienced a cyber incident. As soon as we detected the issue, we took immediate steps to secure our systems. We engaged forensic experts to investigate the breach and ensure our systems are operational and secure.”
The spokesperson continued, “We are currently evaluating the legitimacy of the claims made online. Protecting our employees’ and clients’ information is our top priority. We have reached out to all affected parties and provided guidance on how to secure their information. We’ve reported the incident to the Australian Cyber Security Centre (ACSC) and WA Police and are cooperating fully with law enforcement and privacy regulators.”
The Rise of RansomHub Ransomware Group
RansomHub, the group behind the cyberattack on McDowall Affleck, is believed to be an evolved variant of the Knight ransomware and has affiliations with the ALPHV group. The operation uses a Ransomware-as-a-Service model and exploits vulnerabilities like Zerologon to gain initial access. Once inside, its operators encrypt data and demand a ransom, threatening to release sensitive information if their demands are not met.
RansomHub has previously made headlines with attacks on high-profile targets, including Christie’s, the world’s largest auction house. In that case, Christie’s reported taking its website offline due to a similar “technology security incident,” with RansomHub claiming responsibility and threatening to leak data from the auction house.
The attack on McDowall Affleck highlights the growing threat posed by sophisticated ransomware groups like RansomHub. As organizations continue to face these types of cyber threats, the importance of robust cybersecurity measures and prompt incident response cannot be overstated.
McDowall Affleck’s proactive approach to securing their systems and cooperating with authorities is a crucial step in mitigating the impact of the cyberattack. The firm has assured its stakeholders that it is doing everything possible to address the situation and protect sensitive information.