Central Securities Corporation Hit by Major Underground Ransomware Attack

Incident Date: Jun 11, 2024

Attack Overview

Victim: Central Securities Corporation
Industry: Finance
Location: United Kingdom
Attacker: Underground Team
First Reported: June 11, 2024

Central Securities Corporation Falls Victim to Underground Ransomware Attack

Overview of Central Securities Corporation

Central Securities Corporation, a closed-end investment company based in New York City, has been a significant player in the finance sector since its inception on October 1, 1929. The company focuses on investing in a diversified portfolio of securities, including stocks, bonds, and other financial instruments, aiming for long-term capital growth and income for its shareholders. With a revenue of $230 million, Central Securities Corporation stands out for its professional management and transparent reporting to shareholders.

Details of the Ransomware Attack

Central Securities Corporation's website was recently attacked by the ransomware group Underground. The attack resulted in a data leak compromising 42.8 GB of sensitive information. The breach highlights the vulnerabilities that even well-established financial institutions face in the evolving cyber threat landscape.

About the Underground Ransomware Group

Underground ransomware is a sophisticated 64-bit GUI-based application known for its ability to delete backups, modify registry settings, and stop critical services like MSSQLSERVER. The ransomware identifies system volumes using API functions and leaves ransom notes in multiple system folders. It selectively encrypts files and directories, excluding specific file names, extensions, and folders.
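
A defender can turn the three pre-encryption behaviours described above (backup deletion, registry changes, stopping MSSQLSERVER) into a correlation rule. The sketch below is an added example, not code from this report or from any Underground sample. The log format, host names, command patterns, five-minute window and two-behaviour threshold are all assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Behaviour categories come from the paragraph above. The command patterns are
# generic Windows commands assumed for illustration, not Underground's own.
BEHAVIOURS = {
    "backup_deletion": re.compile(r'\b(vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete)\b', re.I),
    "registry_change": re.compile(r'\breg(\.exe)?\s+(add|delete)\b', re.I),
    "service_stop": re.compile(r'\b(net1?|sc)(\.exe)?\s+stop\s+"?MSSQLSERVER\b', re.I),
}

# Constructed sample process-creation events: timestamp|host|command line
SAMPLE_EVENTS = """\
2024-06-11T09:00:05|FIN-DB01|net stop MSSQLSERVER /y
2024-06-11T09:00:09|FIN-DB01|vssadmin delete shadows /all /quiet
2024-06-11T09:00:14|FIN-DB01|reg add HKLM\\SOFTWARE\\Example /v Flag /t REG_DWORD /d 1 /f
2024-06-11T09:30:00|FIN-WS07|reg add HKCU\\Software\\Example /v Theme /d dark /f
2024-06-11T11:45:00|FIN-DB02|net stop MSSQLSERVER
2024-06-11T14:10:00|FIN-DB02|vssadmin delete shadows /all /quiet
"""

def classify(command_line):
    for name, pattern in BEHAVIOURS.items():
        if pattern.search(command_line):
            return name
    return None  # command matches none of the tracked behaviours

def parse_events(text):
    events = []
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        behaviour = classify(parts[2])
        if behaviour:
            events.append((datetime.fromisoformat(parts[0]), parts[1], behaviour))
    return sorted(events)

def correlate(events, window=timedelta(minutes=5), threshold=2):
    """Map host -> behaviours for hosts with >= threshold distinct behaviours inside one window."""
    by_host, alerts = {}, {}
    for ts, host, behaviour in events:
        by_host.setdefault(host, []).append((ts, behaviour))
    for host, items in by_host.items():
        for i, (start, _) in enumerate(items):
            seen = {b for ts, b in items[i:] if ts - start <= window}
            if len(seen) >= threshold and len(seen) > len(alerts.get(host, [])):
                alerts[host] = sorted(seen)
    return alerts
```

With the constructed events, only FIN-DB01 alerts: FIN-WS07 shows a single routine registry change, and FIN-DB02 shows two behaviours hours apart, outside the window.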

Possible Infection Vectors

The distribution vector for Underground ransomware likely involves social engineering tactics, such as phishing emails with malicious attachments or links to compromised websites. These emails are often designed to appear legitimate, persuading users to open attachments or click links, leading to the execution of the malicious binary. Additionally, attackers may use malicious file downloads disguised as software updates or legitimate applications.

Implications and Industry Impact

This attack on Central Securities Corporation underscores the persistent threat that ransomware poses to the financial sector. Despite robust security measures, the sophistication of groups like Underground continues to challenge even the most prepared organizations. The breach not only compromises sensitive data but also threatens the trust and financial stability of the affected institution.
