The Hive ransomware group, in a leak site post, claimed to have attacked GMM Grammy, the largest media and entertainment conglomerate in Thailand. No screenshots were available on the threat post.
The attackers described GMM Grammy as the “media company with the lowest level of security in Asia”. They claim to have downloaded “critical sensitive data” to their servers and encrypted it, threatening to upload the data “into the public domain automatically in 48 hours after the attack”.
According to the threat note, the encrypted GMM Grammy information includes the details of its partners, clients, musicians and “showbiz stars”.
“The information we have is capable of completely disrupting GMM Grammy’s business, severely harming the showbiz stars doing business with them and implicating all GMM Grammy clients in cases of lawbreaking using their personal information.”
The ransomware group has also offered to patch the vulnerabilities in GMM Grammy’s information systems. “If GMM Grammy makes the right decision and protects its customers’ information on our terms, we will provide them with full information about the vulnerabilities in their system with detailed recommendations on how to fix them.”
The company has yet to make an announcement confirming or denying the ransomware group’s claims.
Ransomware attacks in Thailand
The most common cyber threat in Thailand in 2022 will be ransomware attacks, said Vilaiporn Taweelappontong, Lead Consulting Partner and Financial Services Leader for PwC Thailand, in an advisory.
The majority of CEOs still don’t have a clear grasp of their business ties and vendor or supplier networks, despite the fact that third-party cyber threats are among their top worries right now. According to her, this makes it challenging to regulate and stop data leaks.
“This is a complex issue as it involves third-parties, business partners, outsources, contractors, service providers, as well as others who work and share information within the same ecosystems. An organisation may have good security system management, but from the many cases we’ve seen, it’s hard for them to fully control their third parties,” Vilaiporn said.
Hive, a possible RaaS player
Hive has been in cybersecurity news since it was first spotted in 2021. The FBI considers Hive a likely ransomware-as-a-service (RaaS) organization consisting of a number of actors using multiple mechanisms to compromise business networks.
“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” said an FBI flash report on the ransomware.
“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks.”