RansomHouse Ransomware Hits Lake Washington Institute of Technology
RansomHouse Ransomware Attack on Lake Washington Institute of Technology
Lake Washington Institute of Technology (LWTech), a prominent public institute in Kirkland, Washington, has recently fallen victim to a ransomware attack orchestrated by the notorious group known as RansomHouse. The breach, which occurred on June 15, led to the encryption of approximately 200GB of data, significantly compromising the institute's files.
About Lake Washington Institute of Technology
Founded in 1949, LWTech is the only public institute of technology in Washington state. It serves nearly 10,000 students annually, offering a wide range of educational programs, including 12 bachelor's degrees, 42 associate degrees, and 70 professional certificates across 41 areas of study. The institution is particularly noted for its focus on STEM fields such as Science, Technology, Engineering, and Math. LWTech is committed to inclusivity and diversity, providing various support services to students from underrepresented backgrounds.
Attack Overview
The ransomware attack has severely impacted LWTech's operations. The attackers have provided proof of the data breach but have not yet released the entire dataset, indicating that the disclosure of the stolen data may hinge on ongoing negotiations between the institute and the cybercriminals. LWTech, with a reported revenue of $45.7 million and a workforce of 538 employees, is currently assessing the full scope and impact of the attack.
About RansomHouse
RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" aiming to "minimize the damage" and "bring conflicting parties together." However, their actions are still considered an extortion scheme. RansomHouse has been linked to collaborating with other ransomware groups like White Rabbit and Hive.
Penetration Tactics
RansomHouse typically exploits vulnerabilities in corporate networks to gain access and steal data. They maintain a data leak site to pressure victims into paying ransoms. The group claims to be "penetration testers" finding vulnerabilities, but their primary goal is to force organizations to pay for their services. The exact method of penetration in the LWTech attack is still under investigation, but it likely involved exploiting existing security weaknesses within the institute's network.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!