Funksec Ransomware Breach Exposes GSTPAM Data Vulnerabilities

Incident Date: Dec 15, 2024

Attack Overview
Victim: The Goods & Services Tax Practitioners' Association of Maharashtra
Industry: Organizations
Location: India
Attacker: Funksec
First Reported: December 15, 2024

Ransomware Attack on GSTPAM by Funksec: A Detailed Analysis

On December 16, the Goods and Services Tax Practitioners' Association of Maharashtra (GSTPAM) fell victim to a ransomware attack orchestrated by the cybercrime group Funksec. This incident highlights the vulnerabilities faced by organizations managing sensitive financial data, particularly in the context of India's evolving tax landscape.

About GSTPAM

GSTPAM, established in 1951, is a prominent professional body supporting tax practitioners in Maharashtra, India. The association, originally known as the Sales Tax Practitioners' Association of Maharashtra, has evolved to address the complexities introduced by the Goods and Services Tax (GST) regime. It comprises a diverse membership, including Chartered Accountants, Cost Accountants, Company Secretaries, and Advocates specializing in indirect taxes. GSTPAM is known for its commitment to education and professional development, offering workshops, seminars, and a monthly journal titled "Sales Tax Review."

Attack Overview

The ransomware group Funksec infiltrated GSTPAM's database, exfiltrating files containing personally identifiable information (PII). The extent of the data leak remains undetermined, but Funksec has released four screenshots as evidence of their breach. This attack underscores the ongoing vulnerabilities faced by organizations handling sensitive data, particularly in the financial sector.

Funksec: A Rising Threat

Funksec, first observed in December 2024, has quickly gained notoriety in the cybercrime landscape. The group employs double extortion tactics, combining data exfiltration with encryption to pressure victims. Its Tor-based data-leak site hosts breach announcements and a free DDoS tool, hinting at planned ransomware expansion. Funksec's activities suggest it may also operate as a data broker, diversifying its extortion methods.
