RansomHub Breaches Walking Tree Travel Exposing Sensitive Data

Incident Date: Nov 26, 2024

Attack Overview
Victim: Walking Tree Travel
Industry: Education
Location: USA
Attacker: RansomHub
First reported: November 26, 2024

RansomHub Targets Walking Tree Travel in Ransomware Attack

Walking Tree Travel, a Denver-based organization renowned for its immersive educational travel programs, has allegedly fallen victim to a ransomware attack by the notorious RansomHub group. This breach has exposed sensitive personal information, including personally identifiable information (PII) and passport details, raising significant concerns about data privacy and security.

About Walking Tree Travel

Founded in 2005, Walking Tree Travel is dedicated to fostering global citizenship among high school students and teachers through transformative travel experiences. The organization offers programs across various continents, emphasizing cultural immersion, community service, and adventure travel. With a modest team of 11 to 50 employees, Walking Tree Travel has engaged thousands of students from over 500 high schools across 46 states and nine countries. Their commitment to authentic experiences and educational enrichment distinguishes them in the youth travel sector.

Attack Overview

The ransomware attack orchestrated by RansomHub has compromised critical data, including PII and passport details of participants. This breach points to weaknesses in Walking Tree Travel's cybersecurity infrastructure; initial access may have come through phishing campaigns or unpatched systems. The attack underscores the growing threat of ransomware to organizations in the education sector, which often handle sensitive data.

RansomHub's Modus Operandi

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself as a formidable player in the ransomware landscape. Known for its aggressive affiliate model, RansomHub employs double extortion tactics, encrypting data and exfiltrating sensitive information to increase pressure on victims to pay. The group is affiliated with former Knight ransomware actors and leverages advanced techniques such as intermittent encryption and Curve25519 elliptic curve encryption.

Potential Vulnerabilities

Walking Tree Travel's reliance on digital systems for managing participant data may have made it an attractive target for RansomHub. The group's expertise in phishing and in exploiting unpatched systems could have facilitated the breach. This incident serves as a stark reminder of the importance of comprehensive cybersecurity measures, particularly for organizations handling sensitive information.
