San Francisco Ballet Faces Meow Ransomware Data Breach

Incident Date: Nov 19, 2024

Attack Overview

VICTIM: San Francisco Ballet
INDUSTRY: Media & Internet
LOCATION: USA
ATTACKER: Meow
FIRST REPORTED: November 19, 2024

San Francisco Ballet Targeted by Meow Ransomware Group

The San Francisco Ballet, a renowned cultural institution in the United States, has fallen victim to a ransomware attack orchestrated by the Meow Ransomware group. This incident highlights the vulnerabilities faced by organizations in the arts and entertainment sector, particularly those with significant digital assets and sensitive data.

About San Francisco Ballet

Founded in 1933, the San Francisco Ballet is the oldest ballet company in the United States. It is celebrated for its innovative productions and commitment to artistic excellence. Under the leadership of Artistic Director Tamara Rojo, the company blends tradition with contemporary themes, offering a diverse repertoire that includes both classical and modern works. The organization operates as a nonprofit, with an annual revenue of approximately $36 million, supporting performances, educational programs, and community outreach initiatives.

Details of the Ransomware Attack

The San Francisco Ballet has been targeted by the Meow ransomware group. The attack was first claimed by Meow, although the exact date of the breach was not specified on the group's leak site. The INC Ransom group also posted sample files allegedly stolen from the ballet company on October 30th. Meow claims to have obtained over 40 GB of confidential data from the organization, including employee data, client information, contracts, financial documents, payroll information, legal and insurance documents, and medical records. The stolen data is being offered for sale on the group's dark web victim blog, priced at $200,000 for one buyer or $100,000 for multiple buyers. The samples provided by Meow include copies of sensitive data and personally identifiable information (PII).

Profile of Meow Ransomware Group

Meow Ransomware emerged in late 2022 and is associated with the Conti v2 ransomware variant. The group is known for targeting organizations in the United States, particularly those with sensitive data. They employ various infection methods, including phishing emails and exploiting Remote Desktop Protocol vulnerabilities. Meow Ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms, leaving behind a ransom note instructing victims to contact them for decryption.

Potential Vulnerabilities and Impact

The San Francisco Ballet's extensive digital infrastructure, which includes sensitive employee and client data, makes it an attractive target for ransomware groups like Meow. The attack underscores the importance of cybersecurity measures, particularly for organizations in the arts sector that may not prioritize digital security as highly as other industries. The breach could have significant implications for the ballet company, affecting its operations, reputation, and financial stability.
