RansomHub Ransomware Hits New York Press Service

Incident Date: Nov 11, 2024

Attack Overview
Victim: New York Press Service
Industry: Construction
Location: USA
Attacker: RansomHub
First reported: November 11, 2024

RansomHub Ransomware Attack on New York Press Service

On November 12, New York Press Service (NYPS), a prominent media and advertising organization, became the latest victim of a ransomware attack by the notorious RansomHub group. This incident has raised significant concerns about data security and operational continuity for the company, which plays a crucial role in facilitating press release distribution and digital marketing across New York State.

Company Profile and Industry Standing

NYPS, established in 1945, is based in Albany, New York, and specializes in print and digital marketing services. Despite its small team of around 10 employees, the company has carved a niche in the media buying landscape, serving advertising agencies and clients across various regions, including Albany, Manhattan, Nassau County, and Westchester County. NYPS is distinguished by its extensive network of over 700 newspapers and digital platforms, which include community, culturally specific, and religious publications. This network allows NYPS to offer comprehensive advertising solutions, reaching approximately 15.5 million readers statewide.

Attack Overview

The ransomware attack orchestrated by RansomHub resulted in the exfiltration of approximately 280GB of data, including financial documents and client contracts. This breach has significantly impacted NYPS's operations, threatening its ability to maintain confidentiality and trust with its clients. The compromised data underscores the severity of the incident, as it includes sensitive documents integral to the company's print and digital marketing services.

RansomHub's Modus Operandi

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself as a formidable threat in the cybersecurity landscape. Known for its aggressive affiliate model and double extortion tactics, RansomHub encrypts victims' data while exfiltrating sensitive information to leverage ransom demands. The group is affiliated with former Knight ransomware actors and ALPHV/BlackCat, utilizing cybercrime forums like RAMP to expand its network of experienced threat actors.

Potential Vulnerabilities

RansomHub's attack on NYPS likely exploited vulnerabilities in the company's systems, potentially through phishing campaigns or unpatched software. The group's expertise in targeting high-value sectors, such as media and advertising, makes organizations like NYPS particularly vulnerable. The attack highlights the critical need for effective cybersecurity measures to protect sensitive data and maintain operational integrity.
