Rhode Island Benefits System Down Following Attack on Deloitte

Published on December 16, 2024

Rhode Island’s primary benefits system, RIBridges, was shut down following a likely ransomware attack on Deloitte, the system’s operator, Cybernews reports.

Deloitte informed the state of a significant security threat on December 5th, one day after ransomware group Brain Cipher claimed responsibility for hacking Deloitte.  

The attack may have exposed sensitive personal data of anyone who applied for or received benefits through RIBridges, including names, addresses, Social Security numbers, dates of birth, and banking information.

The breach affects hundreds of thousands of residents and multiple state-run programs, such as Medicaid, SNAP, TANF, and HealthSource RI. Residents are currently applying for benefits via paper forms as state and federal authorities investigate the breach.  

Deloitte reported that attackers likely stole 1TB of data, potentially impacting Deloitte’s other clients.

The attack could lead to identity theft, medical fraud, or targeted scams, as the stolen data provides attackers with comprehensive personal profiles. Furthermore, the breach may disrupt legitimate access to benefits by enabling fraudulent claims.

The state is offering free credit monitoring to affected individuals and has committed to notifying impacted households by mail. As investigations continue, the incident highlights the escalating risks ransomware attacks pose to critical infrastructure and vulnerable populations.

Takeaway: Brain Cipher is a ransomware group that emerged in June 2024, rapidly establishing itself as a significant threat in the cybercrime landscape.  

The group is believed to use ransomware crafted from the leaked LockBit 3.0 builder, a tool that enables them to encrypt victims’ data and demand payment for decryption. Their operations have drawn attention for their sophistication and aggressiveness, targeting organizations across various sectors.

The group employs a range of tactics, techniques, and procedures (TTPs) to carry out their attacks. Brain Cipher often gains initial access to systems through phishing campaigns, tricking victims into downloading malicious files.  

Once inside, they leverage tools and exploits to move laterally across networks, frequently targeting Windows domain administrator credentials to maximize their reach. Before encrypting data, they exfiltrate sensitive information to use as leverage in double-extortion schemes, threatening to release stolen data if ransom demands are not met.  

Brain Cipher has shown a diverse targeting strategy, attacking the public sector, critical infrastructure, and industries such as finance and manufacturing.  

Their attacks have included high-profile disruptions, such as the compromise of Indonesia's National Data Center, which impacted immigration and customs services. Recently, they have expanded their focus, signaling a willingness to target a broader range of industries.

The group’s ransom demands vary depending on the victim, but they are often substantial, reflecting the critical nature of the systems they compromise. By combining data theft with system encryption, Brain Cipher maximizes pressure on victims, often leaving them with little choice but to negotiate.

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.
