Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Ransomware gang posts 30GB of data it claims belongs to Victorian real estate group

The Ragnar Locker gang is claiming to have breached Network Pacific Real Estate following a failure in negotiations.

user icon David Hollingworth
Tue, 03 Oct 2023
Ransomware gang posts 30GB of data it claims belongs to Victorian real estate group
expand image

The group posted a trove of exfiltrated data – archived into a series of WinRar files totalling 30.6 gigabytes – on 30 September. Alongside the Network Pacific’s address and contact details, the hacking gang also added commentary on the state of negotiations with the Victorian estate agent.

“After a very long wait for a reaction from ‘Network Pacific Real Estate’ management and attempts to convince management – that it is better to work together to fix the vulnerabilities and avoid leaks, we are forced to publish the entire data package,” a Ragnar Locker spokesperson said. “The ‘Network Pacific Real Estate’ management proved to be completely uninterested in protecting user data.”

“Unfortunately, saving money on security was much more important to the company, then [sic] protecting data and care about personal information they gathering and storing,” the hacking gang added.

“So now, according to our rules, we are publishing the full data which were compromised during security research of the ‘Network Pacific Real Estate’.”

After that, follows the same motto that Ragnar Locker shares on each of its leak posts: “Those organisations who collecting and storing private data, should be in charge of it’s [sic] privacy.”

This seems to be trying to say – somewhat rightly – that organisations charged with protecting personally identifiable information should do more when it comes to the actual protecting part.

As of writing, Network Pacific has not published an advisory of any breach on its website, nor has it responded to Cyber Security Connect’s requests for comment, both written and over the phone. Cyber Security Connect has been able to confirm the leak includes personal information belonging to Network Pacific employees.

What could be at stake?

Like many real estate agents, Network Pacific keeps a lot of customer information on file, and for some time. According to Network Pacific’s privacy policy, it collects full contact details, as well as current and desired property information.

In addition, Network Pacific collects even more information from prospective renters, including driver’s licenses, employment and income information, and information from third-party information.

“Where reasonable and practicable to do so, we will collect your personal information only from you,” Network Pacific’s privacy policy read. “However, in some circumstances, we may be provided with information by third parties. In such a case, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.”

The company does not go into who such third parties are; however, it does touch on the security of the personal information it collects.

“Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure,” Network Pacific said, before adding that it keeps such information for a “minimum of seven years”.

Who is Ragnar Locker?

The ransomware gang behind the apparent leak was first observed in April 2020 by the FBI, though in truth, Ragnar Locker had been in operation since at least December 2019.

The gang is known to use brute force attacks to crack passwords and to purchase stolen credentials on the darknet. It then takes advantage of a known vulnerability – CVE-2017-0213 – to escalate its privileges and run its own custom ransomware.

In the past, Ragnar Locker has targeted gaming company Capcom and Energias de Portugal’s US operations in 2021. Other historical victims include the Campari Group and Dassault Falcon Jet, with more recent victims including Stratesys, Retail House, and Citizen, just in September alone.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.