Staff and tenants of a housing charity serving rural Highlands communities have had their personal details revealed on the dark web following a cyberattack.
Confidential documents belonging to Albyn Housing Society have been revealed in a hack by a ransomware gang that security experts have linked to Russia.
The information, amounting to 10 gigabytes of data, was leaked on a part of the internet that is accessible through specialist web browsers.
The gang, RansomHub, published details of the attack on August 17, a day after the organisation, headquartered in Invergordon, reported a ‘systems outage’.
In a message on its website, the organisation apologised for the inconvenience.
It said: “Albyn is currently experiencing a system outage that may impact the service we can provide.
“Our phone lines are unaffected, and you can still contact us to report a repair or manage your tenancy but please be aware that technical issues may cause delays as we find ways to assist everyone as efficiently as possible.”
However, the charity’s boss confirmed on Wednesday that the actual cause had been a cyberattack.
Kirsty Morrison, chief executive of Albyn Housing Society, said: “Albyn Housing Society has been subject to a cyberattack in which our data systems were illegally accessed.
“As soon as we became aware of this, we have been working round the clock to minimise the potential impact of this, and working with all relevant agencies and any stakeholders affected. It is devastating that a charity whose main focus and purpose is to maintain and build homes, and support communities and individuals, has been targeted in this manner.
“We would like to thank all agencies who have supported us since the incident occurred.”
Futurescot has seen details of the files published by the gang, which include staff data such as payroll and expenses claims as well as personally-identifiable information about tenants.
Albyn, which started in 1973 by building homes for the incoming workers at Invergordon smelter, now manages over 3,800 properties in 70 communities across the Highlands.
The hack is just the latest in a series of recent data breaches affecting Scottish organisations delivering vital services. In November last year, Western Isles Council was hit by a suspected ransomware gang, and in March NHS Dumfries & Galloway was targeted in a similar incident.
Globally, ransomware – which locks organisations out of their systems or data unless they pay for a ‘decryption key’ to regain access – is predicted to cost in excess of £8 trillion next year, according to Cybersecurity Ventures, a leading cybersecurity research group.
Security experts said last night that the RansomHub gang launched their operations in February this year.
And they quickly made a name for themselves as part of a massive data dump of medical files belonging to American citizens.
Allan Liska, Intelligence Analyst at Recorded Future, said: “RansomHub has been around since February of this year and has quickly become one of the most prolific ransomware groups operating today.
“The gang has recently been ramping up its activities and in August alone it claimed 60 victims.
“The gang rose to prominence following a cyberattack that led to the shutdown of the largest healthcare payment system in the United States, in February this year. It listed stolen data for sale from the Change Healthcare group on its dark web site following an attack by another cybercrime threat actor, known as ALPHV/Blackcat. The gang claimed to have obtained the medical records of most American citizens.”
He added that, whilst it was difficult to say for certain where all the gang members were located in the world, they were confident the principal organisers were Russian.
He said: “Attribution is almost always imperfect, but we have high confidence that the organisers of RansomHub are Russian, or at least Russian-speaking.”
In terms of the group’s profile, it is thought that they are related to the Knight ransomware gang, which shut down in February. Security experts say that the code used by RansomHub is based on Knight’s although there is no known threat actor overlap between the two groups, with the likelihood that RansomHub simply purchased the code.
It is also thought that their affiliates have been collaborating with Scattered Spider, which gained notoriety last year for hacking Caesars Entertainment and MGM Resorts International, two of the largest casino and gambling companies in the United States.
A Police Scotland spokesperson said: “On Monday, 19 August, 2024, we received a report of a cyber incident having impacted a business premises in Invergordon. Enquiries are at an early stage, and we are providing support to those affected.”
Jude McCorry, chief executive of the Cyber & Fraud Centre – Scotland, said: “The attack on Albyn Housing is a reminder to all organisations that the threat of cyber attacks is very real in Scotland, and no one is immune to this threat. Organisations can make themselves more resilient against attacks but also prepare themselves for an attack.
“I would recommend that organisations keep up with software/patch updates, provide training for staff, build and test your incident response plan and have a good cyber culture from the board down.
“There are lots of free or cost-effective resources that you can use to help you on your cyber journey.”
For organisations needing support around a cyber incident, call Police Scotland on 101 or the Incident response line on 0800 167 0623 for advice and guidance.