Ransomware Attack on ABS-CBN by RansomHouse

Victim Overview

ABS-CBN Corporation, a leading media and entertainment company based in Quezon City, Philippines, was targeted by a ransomware attack orchestrated by the cybercriminal group RansomHouse. ABS-CBN is known for its extensive media offerings, including television and radio broadcasting, cinema, cable channels, music production, and distribution. The company operates globally and has a significant presence in various regions.

Attack Details

The attackers managed to exfiltrate a significant amount of data, totaling 500 GB, from ABS-CBN's systems. The specific types of data exfiltrated were not disclosed, but the attack utilized ransomware as the method of choice.

Ransomware Group Profile: RansomHouse

RansomHouse is a unique data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead steals sensitive data from victims and threatens to publicly release it if a ransom is not paid. The group positions itself as a force for good, aiming to highlight companies that neglect their security measures.

How the Attack Occurred

RansomHouse distinguishes itself by focusing on data exfiltration rather than encryption. The group likely penetrated ABS-CBN's systems through vulnerabilities in their security measures, exploiting weaknesses to steal sensitive data. The attackers then used ransomware as a means to extort the company for payment.

Sources:

• ABS-CBN Corporation Wikipedia
• RansomHouse Profile
• Threat Profile: RansomHouse
• Everything About Data Extortion Group RansomHouse
• SentinelOne: RansomHouse
• CyberInt: RansomHouse