Ransomware Attack on Lutheran Foundation by Raworld: Key Details

Incident Date: Jul 24, 2024

Attack Overview

Victim: The Lutheran Foundation
Industry: Organizations
Location: USA
Attacker: Ra World
First Reported: July 24, 2024

Ransomware Attack on The Lutheran Foundation by Raworld

Overview of The Lutheran Foundation

The Lutheran Foundation, a nonprofit organization based in Indiana, USA, is dedicated to advancing Christian faith and mental wellness within communities. The Foundation supports Lutheran congregations and organizations through grants, events, and volunteer initiatives. Its mission includes enhancing volunteer engagement and service delivery, promoting mental health support, and reducing the stigma surrounding mental illness. The Foundation operates with a relatively small workforce, relying on both paid staff and volunteers.

Details of the Ransomware Attack

The Lutheran Foundation has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group known as Raworld. The attackers have compromised a variety of sensitive documents, including legal and financial records, business contracts, and employee-related files. Raworld has announced a schedule for the public release of these documents, with the first batch slated for release on July 25, 2024. This breach poses significant risks to the Foundation's operations and confidentiality, potentially leading to legal and financial repercussions.

About Raworld Ransomware Group

Raworld is an emerging ransomware group that has shown increased activity since early 2024. Originating as a rebranded version of the RA Group, Raworld employs a multi-stage attack process designed for maximum impact. They use double extortion tactics, exfiltrating sensitive data before encryption, and exploit Group Policy Objects for lateral movement. The group has targeted various sectors, including healthcare, finance, manufacturing, and retail, with a primary focus on the United States, Europe, and Southeast Asia.

Penetration and Impact

Raworld's attack on The Lutheran Foundation likely involved exploiting vulnerabilities in the Foundation's cybersecurity infrastructure. The group is known for using a custom version of the Babuk ransomware source code, implementing anti-AV measures, and employing intermittent file encryption to evade detection. The Foundation's reliance on a small workforce and volunteers may have contributed to gaps in its cybersecurity defenses, making it a target for sophisticated ransomware attacks.
