Housing Group Struck by Sodinokibi Data Thieves

A housing association in East Anglia has suffered a ransomware attack, leading to the compromise of an unknown volume of employee and customer data.

Norwich-headquartered Flagship Group put out a statement last week saying that it was forced to take most of its IT systems offline after the Sodinokibi strain entered the company via a phishing attack.

Although these efforts were described as “successful,” the association admitted that “there has been some data encryption, and some personal customer and staff data has been compromised.

“Having completed the containment stage of our remediation process, detailed forensic analysis is fully underway, and we are now working towards recovery of all our systems,” the statement continued. “We have been able to restore several internal systems and are now working towards resuming normal operations as quickly as possible.”

The police and the regulator, the Information Commissioner’s Office (ICO), have been notified.

It remains unclear how many individuals have been affected by the data theft, although Flagship Group claims to be a landlord for over 30,000 homes in the east of England.

Sodinokibi (REvil) is one of the more prolific strains out there, spotted in attacks targeting hospital VPNs earlier this year. It was the number one variant in Q1 2020, accounting for 27% of attacks analyzed by Coveware.

This latest victim may not be as high profile as many over recent weeks, but it is increasingly common for SMBs to be struck by ransomware, the security vendor said last week. In fact, it revealed that organizations with up to 100 employees accounted for 32% of attacks in Q3, while those with up to 1000 workers accounted for 73%.

“Over the past few days, the incident has caused considerable disruption to our staff and customer services and we are concentrating on emergency situations, to ensure our customers are safe,” said Flagship Group’s CEO, David McQuade.

“Our teams are working tirelessly around the clock to bring our systems back online, and we apologize for any inconvenience this may have caused.”
