The RIBridges system, a very important tool for Rhode Island's social services, has become the latest victim of a ransomware attack, resulting in the leak of personal data belonging to hundreds of thousands of residents. This breach, orchestrated by the Brain Cipher ransomware group, has raised serious concerns about the security of systems handling sensitive information.
What is RIBridges?
RIBridges is the vital system for Rhode Island that runs social support programs, such as access to health care, food assistance, childcare, and more. Much of the private data in this compromise was made vulnerable to exploitation.
Timeline of the Incident
1. First Warning: On December 5, Deloitte, the vendor responsible for RIBridges, warned Rhode Island officials that there may have been a security breach.
2. Confirmation of Breach: By December 10, it was confirmed that hackers had indeed accessed the system. The hackers even published screenshots of the stolen file directories on Deloitte's screen.
3. Action Taken: Confirmation of presence of harmful code led to system shut down to minimize damage, and this occurred on December 13.
What Data Was Leaked?
Last week, a group known as Brain Cipher began to leak their stolen files on the dark web. It claims to have included names, addresses, birth dates, Social Security numbers, and banking details of people. The list contained both adults and minors. Other reports also suggest that some file folders contained database backups and system archives.
Implications for Rhode Island Residents
This breach has potentially exposed around 650,000 individuals to identity theft and fraud. Governor Dan McKee has advised residents to take immediate steps to protect their data. This includes freezing credit reports, monitoring accounts for unusual activity, and staying cautious of phishing attempts that may exploit the stolen information.
The Brain Cipher ransomware group, operating since mid-2024, is known to use advanced encryption tools and a data leak website to extort victims. Its operations were first brought to public attention after attacking Indonesia's temporary National Data Center. In that attack, it used a modified version of a leaked codebase for an encryptor to breach RIBridges.
Although the data leak site from the gang remains inaccessible, reportedly as a result of a distributed denial-of-service attack, their negotiation page on Tor remains active. It appears they are still pushing the victims or perhaps even looking for further extortions.
What's Being Done?
The IT teams in state work to comprehend the full effect of the breach and to secure the system. Residents are advised to stay vigilant and to take proactive steps to prevent these risks caused by the leakage of such data. This attack calls out the increased risk of ransomware and an increased need for cybersecurity measures in securing crucial public systems and sensitive information on individuals.
Panaji: In a disturbing cybercrime case, the Goa Cyber Crime Police arrested a Bengaluru resident, Mohan Raj V, for allegedly cyberbullying and extorting a woman from Goa. The arrest was made on Saturday after a strategic operation by the police team.
The case began when the victim, a woman from Goa, filed a complaint with the cyber crime police. She reported that the accused had posted a fake job advertisement for a position at a foreign bank. Responding to the advertisement, the woman was contacted via a chatting app by the accused, who arranged an online interview. During the video call, individuals posing as company representatives coerced the woman into undressing. They recorded the video and took screenshots, which were later used to blackmail her.
According to the complaint, the accused demanded sexual favours in exchange for deleting the compromising material. Over the past two months, he persistently harassed the woman, threatening to make the videos and pictures public if she did not comply. He also demanded that she meet him in Bengaluru.
Following the complaint, the police, led by Superintendent of Police Rahul Gupta, devised a plan to apprehend the accused. A team, including the victim, travelled to Bengaluru and laid a trap. After extensive efforts and a lengthy chase, the accused was caught when he arrived to meet the victim. The police recovered the chats and videos from the accused's phone, which will be sent for a cyber forensic examination.
The investigation revealed that Mohan Raj V used VPN phone numbers to create fake Telegram accounts and post fraudulent job offers. He targeted women by promising high salary packages and conducting fake online interviews.
The accused has confessed to his crimes and has been booked under several sections of the Indian Penal Code, including section 354A (sexual harassment), section 384 (extortion), and relevant provisions of the Information Technology Act. The case is being further investigated by Police Inspector Deepak Pednekar.
SP Rahul Gupta urged the public to verify the authenticity of online job offers through local or cyber police stations before engaging with them. He also cautioned against complying with unethical online demands, no matter the promised benefits.
This case highlights the growing menace of cybercrime and the importance of vigilance in online interactions. The Goa Cyber Crime Police's successful operation furthers the cause for robust cyber security measures and public awareness to prevent such incidents.
In December, international law enforcement targeted a gang, leading to the seizure of various websites and digital decryption keys, as reported by Reuters. In response to this crackdown, the Blackcat hackers threatened to extort critical infrastructure providers and hospitals.