Funksec Ransomware Breach at National Centre for Financial Education
Ransomware Attack on National Centre for Financial Education by Funksec
The National Centre for Financial Education (NCFE), a pivotal non-profit organization in India, has recently fallen victim to a ransomware attack allegedly orchestrated by the cybercriminal group Funksec. This incident underscores the increasing threat of ransomware attacks on educational institutions, especially those managing sensitive financial data.
About the National Centre for Financial Education
NCFE is a Section 8 not-for-profit organization based in Mumbai, India, established to enhance financial literacy across the country. Supported by key financial regulators such as the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), and the Insurance Regulatory and Development Authority of India (IRDAI), NCFE plays a crucial role in implementing the National Strategy for Financial Education. The organization is renowned for its comprehensive financial education programs, including the Financial Education Training Program and the National Financial Literacy Assessment Test, which aim to empower individuals with essential financial knowledge.
Details of the Ransomware Attack
On December 9, a ransomware attack was discovered targeting NCFE. The breach involved the exfiltration of a database containing sensitive user information, including user device details, email addresses, and private keys. The exact size of the data leak remains unknown, but the attack highlights the vulnerabilities faced by educational institutions in safeguarding sensitive financial data. The attack has raised concerns about the security measures in place at NCFE, given its critical role in financial education.
Funksec: The Ransomware Group
Funksec is an emerging cybercrime group first observed in December 2024, known for its double extortion tactics. The group combines data exfiltration with encryption to pressure victims into paying ransoms. Funksec operates a Tor-based data-leak site where it hosts breach announcements and malicious tools. The group has claimed responsibility for over 10 breaches across various industries, including media, IT, retail, and education, targeting organizations in multiple countries.
Potential Vulnerabilities and Penetration Tactics
Funksec's attack on NCFE likely exploited vulnerabilities in the organization's cybersecurity infrastructure. Educational institutions often face challenges in maintaining effective security measures due to limited resources and the need to provide open access to information. Funksec's use of double extortion tactics suggests that they may have penetrated NCFE's systems through phishing attacks or by exploiting unpatched software vulnerabilities, allowing them to access and encrypt sensitive data.