Qilin Ransomware Strikes Whitestown Highway Department

Incident Date: Dec 08, 2024

Attack Overview

Victim: Town of Whitestown, NY Highway Department
Industry: Government
Location: USA
Attacker: Qilin
First reported: December 8, 2024

Qilin Ransomware Group Targets Town of Whitestown Highway Department

The Town of Whitestown Highway Department, a critical municipal entity in New York, has allegedly fallen victim to a ransomware attack orchestrated by the Qilin group. This incident underscores the vulnerabilities faced by governmental bodies in the digital age.

Victim Profile: Town of Whitestown Highway Department

Located in Oneida County, New York, the Town of Whitestown Highway Department is tasked with maintaining and improving the town's infrastructure. With a team of 18 employees led by Highway Superintendent Salvatore Granato, the department focuses on road maintenance, snow removal, and other essential services. As a municipal entity, it operates within the local government framework, funded by public resources rather than generating revenue like private companies. The department's critical role in ensuring road safety and infrastructure maintenance makes it a significant target for cybercriminals.

Attack Overview

The Qilin ransomware group claims to have successfully exfiltrated data from the Town of Whitestown Highway Department. This attack highlights the group's continued focus on governmental and public sector targets. The breach potentially exposes sensitive information, which could disrupt the department's operations and compromise public safety.

Qilin Ransomware Group: A Notorious Threat

Emerging in July 2022, the Qilin group, also known as Agenda, operates as a Ransomware-as-a-Service (RaaS) platform. It distinguishes itself through double extortion: victims' data is both stolen and encrypted, so that the threat of publication adds pressure on top of the loss of access. The group is known for its advanced encryption techniques and cross-platform adaptability, with variants targeting Windows, Linux, and VMware ESXi environments. Qilin's affiliates, often recruited on underground forums, receive a significant share of the ransom proceeds, an incentive that drives the group's aggressive expansion.

Potential Vulnerabilities and Penetration Tactics

The Qilin group likely gained access to the Highway Department's systems through spear phishing or by exploiting known vulnerabilities in exposed Citrix ADC, RDP, and VMware ESXi services. The department's reliance on digital infrastructure for its operations, combined with the limited cybersecurity resources typical of municipal entities, may have contributed to its exposure. Qilin's use of obfuscation techniques and lateral movement tooling such as Cobalt Strike further complicates detection and mitigation.
