RansomEXX Ransomware Hits Brontoo Tech, 3.6GB Data Stolen

Incident Date: Aug 10, 2024

Attack Overview

Victim: Brontoo Technology Solutions
Industry: Software
Location: India
Attacker: RansomEXX
First Reported: August 10, 2024

RansomEXX Ransomware Attack on Brontoo Technology Solutions

Brontoo Technology Solutions, a software development and IT consulting firm based in India, has recently fallen victim to a ransomware attack orchestrated by the notorious group RansomEXX. The attack has resulted in the exfiltration of 3.6GB of highly sensitive data, including financial records, customer information, and partner credentials.

About Brontoo Technology Solutions

Founded in 2015, Brontoo Technology Solutions is a small to medium-sized enterprise (SME) specializing in custom software development, IT consulting, and digital transformation services. The company is known for its client-centric approach, leveraging technology to drive innovation and growth for businesses across various industries. Brontoo's partnerships with leading technology providers like Microsoft, AWS, and Google Cloud Platform further enhance its service offerings.

Details of the Attack

The ransomware attack on Brontoo Technology Solutions has led to the compromise of a wide array of data. This includes financial records such as bank account details, transactions, and loan information, as well as customer and user information, partner credentials, and extensive transactional data. The breach also involves system logs, error reports, and insurance and audit information, highlighting the significant potential impact on both the company's financial operations and the personal privacy of its stakeholders.

About RansomEXX

RansomEXX, also known as Sprite Spider, is a ransomware group that has been active since 2018. The group is known for targeting both Windows and Linux environments and employs a tactic known as "double extortion," where stolen data is published on their dark web leak site if the ransom is not paid. RansomEXX has been involved in high-profile attacks on major corporations and government agencies worldwide, including the Texas Department of Transportation and Ferrari.

Penetration and Vulnerabilities

RansomEXX employs sophisticated techniques to infiltrate and spread within target networks. Its initial access methods include compromised Remote Desktop Protocol (RDP) access, phishing campaigns, and exploitation of vulnerabilities; for post-compromise activities the group leverages tools like Pyxie, Cobalt Strike, and Vatet. The specific vulnerabilities that allowed RansomEXX to penetrate Brontoo Technology Solutions' systems are not publicly disclosed, but the attack underscores the importance of vigilant cybersecurity measures.
