While performing our routine dark web scans, we once again came across the page of the Xing Locker group, which has recently joined the limelight among ransomware groups. Unfortunately for their victims, aside from getting their files encrypted, their data is also stolen.
They recently struck a Middle Eastern investment company in the UAE: Sharafi Group Investments.
The business mainly focuses on Mortgage & Investments, and its total revenue is said to be $122 M. The size of the stolen data is 140 GB. Delving deeper into the download page of XING Locker, it looks exactly like this:
Unlike other ransomware gang sites that provide download links over onion services, the Xing Locker group exposes the directory structure itself, still over the Tor network.
Usually, these types of online directories can be downloaded using a Linux command:
"wget -r -np -nH --cut-dirs=3 -R index.html http://domain/xxx/yyy/zzz/aaa"
While this downloadable directory is not a one-click download, it does provide some ease of download to those who know how to work with it.
Sharafi Group Investments appears to have had their data exposed due to non-payment of the ransom. The types of files exfiltrated and found by our team are log files and actual documents that mention sensitive information such as payroll, contacts, deals, and other sensitive documents important for a business. Here is a glimpse of sensitive data involving the pay raise of an employee:
By the looks of it, the Real Estate Industry is susceptible to ransomware attacks, having been successfully compromised by a recently established ransomware group. It speaks volumes. Corporations and businesses must consider beefing up their security because nobody is exempt from becoming a cyberattack victim. Misconfigurations and exploits are a sure way to get a system attacked by different sorts of malicious programs. The financial industry should have learned its lesson by now, as 2020, the year the pandemic started, was not a good year for financial institutions. That could be a reason why other sectors are directly targeted by ransomware gangs: the non-financial industries never saw it coming.
Fortunately, cybersecurity companies such as iZOOlogic provide Vulnerability Assessment services that scan live websites to pinpoint vulnerabilities and proactively detect potentially vulnerable and malicious scripts that a threat actor could use as leverage for attacks. We can tell that the new large-scale phishing attack is an exfiltration and ransom encryption attack.