[TVARC] ARRL Cyberattack
wa1utq at embarqmail.com
Fri Jul 12 15:33:11 EDT 2024
ARRL finally confirms ransomware gang stole data in cyberattack
The American Radio Relay League (ARRL) finally confirmed that some of its
employees' data was stolen in a May ransomware attack initially described as
a "serious incident."
ARRL, the National Association for Amateur Radio, said in data breach
notifications recently sent to impacted individuals that it detected the
"sophisticated ransomware incident" after the attackers breached and
encrypted its computer systems on May 14.
After discovering the breach, ARRL
<https://www.bleepingcomputer.com/news/security/arrl-cyberattack-takes-logbook-of-the-world-offline/>
took impacted systems offline to contain the incident and hired external
forensic experts to help assess the attack's impact.
In early June, it also revealed that its systems were hacked by a
<https://www.bleepingcomputer.com/news/security/american-radio-relay-league-says-it-was-hacked-by-an-international-cyber-group/>
"malicious international cyber group" in a "sophisticated network attack."
"Our investigation has determined that the unauthorized third party may have
acquired your personal information during this incident,"
<https://www.documentcloud.org/documents/24803975-arrl-breach-notification>
it told individuals whose data was stolen.
"Please know that we have taken all reasonable steps to prevent your data
from being further published or distributed, have notified and are working
with federal law enforcement to investigate.
"Impacted data may have contained your personal information, including your
name, address and social security number."
In a
<https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/bdd10bdd-4af6-4289-b4f0-08b468c0ce65.html>
filing with the Office of Maine's Attorney General this week, the
organization claims that this data breach only affected 150 employees.
Although ARRL said no evidence was found that the stolen personal
information was misused, it still decided to provide those impacted by this
data breach with 24 months of free identity monitoring through Kroll out of
"an abundance of caution."
ARRL has not linked the attack to a specific ransomware gang, but sources
told BleepingComputer that the Embargo ransomware operation was behind this
incident.
However, although this ransomware group first surfaced in May and has since
added only eight victims to its dark web leak site (some already removed,
likely because they paid a ransom), ARRL has yet to be listed.
ARRL stated in the breach notifications that they have taken "all reasonable
steps to prevent your data from being further published or distributed,"
which could be taken to mean that a ransom was paid to prevent the data from
being leaked.