Har Shalom, a temple in Warren, New Jersey, is now in the grip of the infamous ransomware group Sodinokibi. The temple revealed that it discovered the breach after being unable to connect to the internet. Further investigation turned up only a ransom note asking for half a million for the decryptor.
The Infamous Group
Sodinokibi is data-stealing malware that infects users via malicious links and spreads rapidly throughout the network. Analysts believe Sodinokibi to be an evolution of GandCrab, an infamous group that was responsible for around 40% of ransomware attacks in 2018-19. The group has recently been active, hacking an NYC airport and Travelex, and leaking the data of a company that failed to pay a ransom in time.
While there is no official statement from the temple yet, BleepingComputer has seen an email sent by the victim to its congregation regarding the issue and reported the breach. According to the email, the temple became aware of the breach on January 9th this year, which left its systems and the whole network encrypted.
It reported that staff had trouble connecting to the internet and, after checking the servers, confirmed that the whole network was encrypted. The temple further reported that it had the data backed up on mechanical drives, but those were breached too!
Backups Were Breached Too
The temple's letter, seen by BleepingComputer, said:
“The encryption affected all of our server-based files and electronic data. We have a mechanical back up for those files and data, but the back-up was encrypted as well. Certain computers were affected in full. Others were unaffected and remain functional.”
It further reported that a person familiar with the incident told BleepingComputer the ransom amount is around $500,000!
This led the temple to try contacting congregation members to rebuild the breached data, thus evading the ransom. The temple stated:
“Beyond names, addresses and e-mail addresses of congregants, because of the way we segregate our files, we do not believe that confidential personal membership information (such as financial information) was accessed. Nonetheless, as we noted above, be particularly mindful of phishing scams.”
Source – BleepingComputer