Meow Ransomware Group Targets Andersen Tax LLC in Major Cyber Attack

Overview of Andersen Tax LLC

Andersen Tax LLC, operating under the brand name Andersen, is a leading independent firm specializing in tax advisory, valuation, financial advisory, and related consulting services. Headquartered in San Francisco, California, Andersen is a founding member of Andersen Global, a network of legally separate, independent member firms. The firm boasts a workforce of over 17,000 professionals across more than 475 locations in 170 countries. Andersen is recognized for its commitment to quality, independence, and transparency, aiming to set the benchmark for excellence in the industry.

Details of the Ransomware Attack

The Meow Ransomware group has claimed responsibility for a cyber attack on Andersen Tax LLC. The attackers reportedly infiltrated the company's systems, gaining access to three SQL databases containing sensitive client data, financial records, and other critical information. The ransomware group has listed this confidential data for sale at $300 on their dark web leak site, urging potential buyers to register for a smooth and confidential transaction. This breach poses significant risks to Andersen's reputation and the security of its clients' information.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group resurfaced in late 2023 and has been highly active in 2024, primarily targeting victims in the United States. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group is known for targeting industries with sensitive data, such as healthcare and medical research.

Potential Vulnerabilities and Penetration Methods

The exact method by which Meow Ransomware penetrated Andersen's systems remains unclear. However, common vulnerabilities exploited by ransomware groups include weak or compromised passwords, unpatched software, and inadequate network security measures. Andersen's extensive global network and the sensitive nature of the data they handle make them an attractive target for cybercriminals. The ransomware group likely used a combination of phishing emails and exploiting RDP vulnerabilities to gain initial access to Andersen's systems.

Implications for Andersen and Its Clients

The ransomware attack on Andersen Tax LLC highlights the growing threat of cyber attacks on professional services firms. The breach not only jeopardizes the security of sensitive client data but also threatens the firm's reputation and client trust. Andersen's commitment to quality and transparency will be put to the test as they navigate the aftermath of this significant cyber incident.

Sources

• Andersen
• SOCRadar - Dark Web Profile: Meow Ransomware
• SalvageData - Meow Ransomware
• Alvaka Networks - Meow Ransomware Recovery Services
• WatchGuard - Meow Ransomware