Ransomware Attack Hits Ryland Peters & Small and CICO Books, Data Compromised

Incident Date: Aug 22, 2024

Attack Overview
Victim: Ryland Peters & Small and CICO Books
Industry: Media & Internet
Location: United Kingdom
Attacker: APT73
First Reported: August 22, 2024

Ransomware Attack on Ryland Peters & Small and CICO Books by APT73

Ryland Peters & Small and CICO Books, renowned independent publishers specializing in beautifully illustrated books, have become the latest victims of a ransomware attack orchestrated by the emerging ransomware group APT73. The attack has compromised 447 MB of sensitive data, including logins, emails, passwords, and important documents, posing a significant risk to the publisher's internal operations and the privacy of their clients and partners.

Company Profile

Ryland Peters & Small and CICO Books are known for their high-quality publications across various genres, including home and garden, food and drink, crafts, health, and children's literature. The company collaborates with top authors, photographers, and stylists to create visually stunning books that inspire creativity and enhance the reader's lifestyle. With an estimated revenue of around $5.5 million, the company operates as a small to medium-sized enterprise with a significant presence in both the UK and international markets.

Attack Overview

The ransomware group APT73 has claimed responsibility for the attack via their dark web leak site, ERALEIGNEWS. The compromised data includes sensitive information such as logins, emails, passwords, and important documents. This breach not only threatens the security of the publisher's internal operations but also poses a significant risk to the privacy of their clients and partners. The attack underscores the increasing vulnerability of creative and independent businesses to sophisticated cyber threats.

About APT73

APT73 is a relatively new ransomware group that has recently surfaced in the cyber threat landscape. The group exhibits similarities to the LockBit ransomware variant, particularly in its data leak site design and operational tactics. APT73 primarily targets organizations through phishing attacks, compromising systems to deploy ransomware. The group operates a TOR-based data leak site named "ERALEIGNEWS" for leaking stolen data, employing a LockBit-styled approach. Despite some amateurish traits, APT73 poses a significant threat to organizations, leveraging sophisticated ransomware tactics reminiscent of established threat actors.

Penetration Tactics

APT73 likely penetrated Ryland Peters & Small and CICO Books' systems through phishing attacks, a common tactic used by ransomware groups to gain initial access. Once inside, the attackers deployed ransomware to encrypt sensitive data and exfiltrated it to their data leak site. The lack of active mirrors for their data leak site indicates a somewhat amateurish approach compared to more established ransomware groups, but the impact of their attacks remains severe.
