KillSec Ransomware Hits Warsaw Notaries, Data Compromised
Ransomware Attack on Warsaw Chamber of Notaries by KillSec
The Warsaw Chamber of Notaries, known as Izba Notarialna w Warszawie, has recently fallen victim to a ransomware attack orchestrated by the notorious group KillSec. This attack has compromised a significant amount of sensitive data, including contracts, events, staff information, and financial records stored on the organization's servers.
About the Victim
Izba Notarialna w Warszawie is a professional organization that brings together notaries operating within the jurisdiction of a specific appellate court district. The Chamber currently comprises 733 notaries who conduct their activities either individually or in partnerships across 504 notarial offices. The Chamber serves as a regulatory and representative body for its members, ensuring adherence to legal and ethical standards in their professional activities.
Notaries in Poland, including those associated with the Warsaw Chamber, perform crucial functions such as drafting notarial deeds, authenticating documents, certifying signatures, and providing legal advice related to the preparation of documents and the execution of legal transactions. The Chamber also oversees the notarial training program, ensuring that aspiring notaries acquire the necessary knowledge and skills to perform their duties effectively.
Attack Overview
The ransomware group KillSec has claimed responsibility for the attack on the Warsaw Chamber of Notaries via their dark web leak site. The attackers have breached the notariusze.waw.pl domain, compromising a wide array of sensitive data. KillSec is demanding a ransom of 10,000 EUR in exchange for wiping the stolen data and preventing its potential misuse or exposure.
About KillSec
KillSec, also known as Kill Security, is a ransomware group that has targeted various industries and countries. The group has been active in carrying out ransomware attacks, with known victims in sectors such as government, manufacturing, defense, professional services, banking & finance, and sports & gaming. KillSec uses a variety of communication channels, including Telegram, Session Messenger, and Tox, and demands ransom payments in Monero (XMR) cryptocurrency.
Penetration and Vulnerabilities
While the exact method of penetration used by KillSec in this attack is not publicly disclosed, ransomware groups typically exploit vulnerabilities such as outdated software, weak passwords, and phishing attacks. The Warsaw Chamber of Notaries, like many organizations, may have been vulnerable due to insufficient cybersecurity measures, making it an attractive target for threat actors like KillSec.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!