HTC Global Services

IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data.

HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries.

While HTC has not posted an announcement to the company website, they issued a brief statement last night on X confirming the attack.

“HTC has experienced a cybersecurity incident,” reads a tweet posted to HTC’s X account last night.

“Our team has been actively investigating and addressing the situation to ensure the security and integrity of user data.”

“We have enlisted cybersecurity experts and are working to resolve it. Your trust is our priority.”

This announcement comes after the ALPHV (BlackCat) ransomware gang listed HTC on their data leak site, along with screenshots of allegedly stolen data.

The leaked data includes passports, contact lists, emails, and confidential documents allegedly stolen during the attack.

HTC Global Services entry on the ALPHV data leak site

While little information about the attack on HTC is available, cybersecurity expert Kevin Beaumont believes the company was breached using the Citrix Bleed vulnerability.

According to Beaumont, one of HTC’s business units, CareTech, operated a vulnerable Citrix Netscaler device, which was exploited for initial access to the company’s network.

Kevin Beaumont toot

BleepingComputer has contacted HTC Global Services with questions about the attack and whether they were breached using Citrix Bleed, but a response was not immediately available.

ALPHV is amassing victims

The ALPHV/BlackCat ransomware operation, launched in November 2021, is believed to be a rebrand of the DarkSide and BlackMatter ransomware operations.

As DarkSide, the group gained worldwide attention after they breached Colonial Pipeline, leading to intense pressure from law enforcement agencies globally.

After rebranding again as BlackMatter in July 2021, their operations abruptly ceased in November 2021 when authorities seized their servers, and security firm Emsisoft created a decryptor exploiting a ransomware vulnerability.

This ransomware operation is known for consistently targeting global enterprises and continually adapting and refining their tactics, and has seen a surge in attacks recently.

This evolution includes working with English-speaking threat actors, who utilize their encryptors and infrastructure to launch extortion attacks.

In a recent incident, a group of English-speaking affiliates tracked as Scattered Spider claimed responsibility for the attack on MGM Resorts, saying they encrypted over 100 ESXi hypervisors during the attack.

This week, one ALPHV affiliate claimed to have stolen data from Tipalti and said they’ve begun to extort impacted companies individually.

The gang has also recently attacked a publicly owned electricity provider and a hospital network, both categorized as critical infrastructure in the United States.

The attacks on critical infrastructure may once again be the tipping point that leads to increased scrutiny by US law enforcement.


