RansomHub Hits Prasarana Malaysia Berhad: 316 GB Data Stolen in Cyberattack
RansomHub Targets Prasarana Malaysia Berhad in Ransomware Attack
Prasarana Malaysia Berhad, a cornerstone in Malaysia’s public transportation sector, has recently fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 316 GB of data from Prasarana’s internal systems, threatening to publish the stolen information if their ransom demands are not met by September 1st.
About Prasarana Malaysia Berhad
Established in 1998 under the Ministry of Finance, Prasarana Malaysia Berhad is a wholly-owned government entity responsible for managing and enhancing Malaysia's public transportation infrastructure. The company operates key transportation networks, including Light Rail Transit (LRT) systems, the Kuala Lumpur Monorail, and Mass Rapid Transit (MRT) lines. Additionally, Prasarana manages bus services across Kuala Lumpur, Selangor, Penang, and Pahang, serving millions of commuters daily. The company is headquartered in Petaling Jaya, Selangor, and employs approximately 1,783 people.
Attack Overview
The ransomware attack on Prasarana was claimed by RansomHub, a relatively new but increasingly notorious ransomware group. The group has threatened to release the stolen data within six to seven days if their ransom demands are not met. Despite the breach, Prasarana has assured the public that its daily operations, including services under the RapidKL brand, remain unaffected. The company is actively working with cybersecurity experts, the National Cyber Security Agency (Nacsa), and CyberSecurity Malaysia to investigate and mitigate the impact of the attack.
About RansomHub
RansomHub is a ransomware group believed to have roots in Russia, operating as a Ransomware-as-a-Service (RaaS) entity. Affiliates of the group receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare institutions. Their ransomware strains are written in Golang, a language gaining popularity in the ransomware world for its efficiency and versatility.
Potential Vulnerabilities
Prasarana’s extensive and complex IT infrastructure, necessary for managing its vast transportation network, may have presented vulnerabilities that RansomHub exploited. The use of Golang in RansomHub’s ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures. The attack underscores the importance of stringent cybersecurity protocols, especially for critical infrastructure entities like Prasarana.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!