A ransomware gang has publicly released a portion of the sensitive data stolen during Rhode Island’s RIBridges breach.


The notorious Mind Cipher ransomware group has started releasing documents stolen during a cyberattack on Rhode Island’s RIBridges social enterprises platform, sparking concerns about the potential fallout.

The RIBridges system is a built-in eligibility platform used by the state to manage and distribute social welfare packages, including healthcare, meal assistance, child care, and other services.

After discovering discrepancies in their system, Rhode Island was informed by its vendor, Deloitte, on December 5 that its RIBridges system had been the target of an attempted cyberattack. Despite earlier suspicions, it was not until December 10 that authorities confirmed malicious actors had successfully breached the system and compromised sensitive data.

“On December 10, the State confirmed with Deloitte’s validation that a breach occurred in the RIBridges system, substantiated by a screenshot of compromised file folders sent by the hacker to Deloitte, as stated by the federal government.”

“On December 13, Deloitte announced that malicious code had infiltrated their system, prompting the State to instruct them to shut down RIBridges entirely as a precautionary measure to rectify the situation.”

In the final week, the notorious Mind Cipher ransomware gang suddenly began publicly disclosing some of the data it had stolen from various organizations through its dedicated information leak website.

Cybersecurity researcher Connor Goodwolf has reportedly obtained and analyzed data containing sensitive, non-public information about both adults and minors.

Ransomware group Mind Cipher has released sensitive information stolen during the Deloitte RIBridges hack, compromising the personally identifiable information (PII) of both adults and minors.

According to screenshots provided by Goodwolf, the compromised data comprises multiple archives suspected of holding Oracle databases, backups, and assorted sensitive information.

Goodwolf was reportedly targeted in a data breach that saw hackers steal and leak sensitive information from Metropolis’s IT community, allegedly carried out by the notorious Rhysida ransomware gang. The lawsuit was subsequently dismissed.

Governor McKee recently issued a public statement revealing that certain data had been compromised and made available on the dark web.

According to Deloitte, the cybercriminal had allegedly released confidential information from RIBridges onto the darknet. While IT teams work tirelessly to uncover key insights, a critical step for Rhode Islanders lies in safeguarding their personal data immediately, Governor McKee cautions on Twitter.

Approximately 650,000 people were affected by the breach, with their names, addresses, birthdates, Social Security numbers, and sensitive banking information compromised in the attack.

Due to the sensitive nature of this information, law enforcement officials urge Rhode Island residents to freeze and closely monitor their credit reports to prevent potential fraud and identity theft. Additionally, it is crucial to remain vigilant against targeted phishing scams that leverage the compromised data to pilfer even more sensitive information.

The Mind Cipher ransomware gang launched its first attacks in June 2024, quickly garnering attention after targeting Indonesia’s temporary National Data Center, a high-profile victim that sparked widespread concern and media scrutiny.

The ransomware group uses an encoder developed using cutting-edge technology and a data leak website to coerce victims into making a payment in exchange for restoring access to their compromised files.

The Mind Cipher information leak website is currently unavailable, rendering the leaked data inaccessible to users. Despite this, the group's Tor-based negotiation webpage remains operational, suggesting that the information leak website may be under a distributed denial-of-service (DDoS) attack aimed at preventing the dissemination of compromised data.
