North East BIC Cyber Attack: ALPHV Alleges Theft of 317GB Data

The UK-based office space rental agency, North East BIC, has become the latest victim of the notorious ALPHV ransomware group, also known as Blackcat. The cybercriminals have claimed to have extracted a significant amount of data, totaling 317 GB, during the attack on North East BIC. In a dark web post, the hackers have issued a three-day ultimatum to the company, threatening to publicly release the stolen data if their demands are not met.

The NE-BIC cyber attack reportedly took place on August 22, 2023, and the hackers have posted five attachments containing stolen data on their leak site. Despite the attack, the website of North East BIC remains accessible at the time of writing. The company has been contacted for a comment regarding the alleged ransomware attack, and this report will be updated based on their response.

ALPHV has provided samples of the exfiltrated data from the North East BIC cyber attack on their leak site. Screenshots shared by threat intelligence platform Falcon Feeds show blurred images of documents that appear to contain photographs of people. However, the authenticity of these documents has not been confirmed. In their message regarding the ransomware attack, the hackers threatened to publish the stolen data, which they claim includes confidential documents belonging to citizens.

The dataset stolen in the cyber attack includes a wide range of internal company data such as employees’ personal information, curriculum vitae, driving licenses, social security numbers, financial reports, accounting data, information about loans, insurance data, and agreements. In addition, client documents containing driving licenses, identity documents, social security numbers, financial data, credit card data, information about loans, and agreements were also stolen.

North East BIC is a non-profit social enterprise based in Sunderland, UK, that provides business scaling support to promote innovation and growth. The company was recently recognized by the Ministry of Defence’s Employer Recognition Scheme for its ongoing support to the armed forces community. However, it has now fallen victim to the ALPHV ransomware group.

ALPHV, also known as Blackcat, has been active in targeting various organizations in recent times. Ransomware News, a source that provides information about cyber attack claims found on the dark web, has highlighted several incidents attributed to the group. Some of the organizations that have reportedly been attacked by Blackcat include Sirius Computer Solutions, Atlantic Federal Credit Union, Triune Technofab Private Limited, Davidoff Hutcher & Citron, and Seiko Group Corporation.

ALPHV has also been mentioned in threat intelligence reports for its API feature, which is used on its leak site. This feature allows the synchronization of leak posts and attachments with any database. According to a report by Cyble, the API crawler developed by ALPHV ensures that only modified or new articles are considered for synchronization, making it easier for the group to access old and new leak posts and attachments containing exfiltrated data.

It is important to note that this report is based on internal and external research obtained through various sources. The information provided is for reference purposes only, and users should exercise caution and responsibility when relying on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
