RansomHub Ransomware Attack on Minneapolis Park and Recreation Board

On November 20, the Minneapolis Park and Recreation Board (MPRB) allegedly fell victim to a ransomware attack orchestrated by the infamous group RansomHub. This breach, identified on November 26, reportedly compromised 235GB of sensitive data, encompassing financial documents, insurance certificates, and personal employee information. The incident resulted in the shutdown of MPRB's phone lines, though systems for program registration remained operational.

About the Minneapolis Park and Recreation Board

The MPRB functions as an independent entity tasked with managing an extensive urban park system in Minneapolis, Minnesota. It supervises roughly 7,059 acres of parkland, which includes 185 park properties, 22 lakes, and 49 recreation centers. Serving approximately 30 million visitors annually, the board employs over 2,000 staff members. Esteemed as one of the premier urban park systems in the United States, the MPRB is dedicated to ensuring equity and accessibility in its offerings.

RansomHub: A Formidable Ransomware Group

RansomHub surfaced in February as a Ransomware-as-a-Service (RaaS) group, swiftly gaining a reputation for its aggressive affiliate model and double extortion strategies. The group is notorious for encrypting victims' data while simultaneously exfiltrating sensitive information to escalate ransom demands. RansomHub's operations are marked by their speed and precision, targeting high-value sectors such as government, healthcare, and financial services.

Attack Overview

The attack on MPRB underscores the vulnerabilities that organizations managing large volumes of sensitive data face. RansomHub likely infiltrated MPRB's systems through phishing campaigns or by exploiting unpatched vulnerabilities. The group's employment of advanced data exfiltration techniques and intermittent encryption poses a significant threat to organizations globally. In response, MPRB's IT department has acted swiftly to mitigate further damage and is actively working to restore services.

Implications and Response

The breach highlights the critical need for effective cybersecurity measures for organizations like MPRB, which are responsible for essential public services and sensitive data. As the MPRB evaluates the full impact of the breach, it has advised the public to utilize alternative communication methods for administrative inquiries. The board remains committed to restoring services and maintaining public trust during this challenging period.