Housing Group Struck by Sodinokibi Data Thieves

News

Written by

Photo of Phil Muncaster

Phil Muncaster

UK / EMEA News Reporter, Infosecurity Magazine

A housing association in East Anglia has suffered a ransomware attack, leading to the compromise of an unknown volume of employee and customer data.

Norwich-headquartered Flagship Group put out a statement last week that it was forced to take most of its IT systems offline after the Sodinokibi strain entered the company via a phishing attack.

Although these efforts were described as “successful,” the association admitted that “there has been some data encryption, and some personal customer and staff data has been compromised.

“Having completed the containment stage of our remediation process, detailed forensic analysis is fully underway, and we are now working towards recovery of all our systems,” the statement continued. “We have been able to restore several internal systems and are now working towards resuming normal operations as quickly as possible.”

The police and regulator the Information Commissioner’s Office (ICO) have been notified.

It remains unclear how many individuals have been affected by the data theft, although Flagship Group claims to be a landlord for over 30,000 homes in the east of England.

Sodinokibi (REvil) is one of the more prolific strains out there, spotted in attacks targeting hospital VPNs earlier this year. It was the number one variant in Q1 2020, accounting for 27% of attacks analyzed by Coveware.

This latest victim may not be as high profile as many over recent weeks, but it is increasingly common for SMBs to be struck by ransomware, the security vendor said last week. In fact, it revealed that organizations with up to 100 employees accounted for 32% of attacks in Q3, while those with up to 1000 workers accounted for 73%.

“Over the past few days, the incident has caused considerable disruption to our staff and customer services and we are concentrating on emergency situations, to ensure our customers are safe,” said Flagship Group’s CEO, David McQuade.

“Our teams are working tirelessly around the clock to bring our systems back online, and we apologize for any inconvenience this may have caused.”

You may also like

  1. No Two REvil Attacks Are the Same, Experts Warn

    News

  2. JBS Admits Paying REvil Ransomware Group $11 Million

    News

  3. REvil Removes Apple Extortion Attempt from Site: Report

    News

  4. Jack Daniel’s-Maker Suffers REvil Ransomware Breach

    News

  5. Double Extortion Ransomware Attacks and the Role of Vulnerable Internet-Facing Systems

    Blog

What’s hot on Infosecurity Magazine?