Ransomware Attack on Herron Todd White by BlackSuit Group

Overview of Herron Todd White

Herron Todd White is a prominent independent property valuation and advisory group based in Australia. Founded in 1968, the company has grown to employ approximately 700 staff across various locations in Australia. As a leader in the property valuation sector, Herron Todd White provides comprehensive services including property valuations, advisory services, and quantity surveying. Their specialization in tax depreciation schedules and replacement cost estimate reports distinguishes them within the industry, offering significant financial benefits to clients.

The company's extensive network and commitment to unbiased valuations underpin its reputation as a trusted advisor in the property sector. Herron Todd White's financial performance and strategic operations are supported by detailed financial documentation and a robust corporate structure, making it a key player in its field.

Details of the Cyber Attack

BlackSuit, the ransomware group, which surfaced in 2023 and shows strong affiliations with the notorious Royal ransomware group, has claimed responsibility for an attack on Herron Todd White. The attack was announced on BlackSuit's dark web leak site, where they disclosed having encrypted valuable data belonging to Herron Todd White and provided a ransom note.

The ransomware specifically targets systems including Windows and Linux, and is capable of crippling VMware ESXi servers, which are critical for virtual infrastructure management. In this attack, files were encrypted with a .blacksuit extension, and a ransom note titled README.BlackSuit.txt was dropped in affected directories, directing victims to a Tor chat site for negotiations.

Implications for Herron Todd White

The data compromised in the attack reportedly includes 279 GB of documents and a 20 GB SQL database containing customer and transaction information. This breach not only threatens the privacy and security of Herron Todd White's clients but also poses significant operational and reputational risks to the company. The exposure of sensitive valuation data and client information could have long-lasting effects on the firm's market position and client trust.

Vulnerabilities and Industry Impact

As a leading entity in the property valuation sector, Herron Todd White's extensive data collection and storage of sensitive financial and personal information make it an attractive target for cybercriminals. The reliance on digital platforms for managing large volumes of data can create potential security vulnerabilities, particularly if not adequately protected. This incident highlights the critical need for robust cybersecurity measures in the property valuation industry, where the confidentiality and integrity of client data are paramount.

Sources

• IBISWorld - Herron Todd White (Australia) Pty Ltd
• Dun & Bradstreet - Herron Todd White (Australia) Pty Ltd
• Security Affairs - BlackSuit Similar to Royal Ransomware
• BleepingComputer - The Week in Ransomware May 5th 2023: Targeting the Public Sector