UK-based IT services company Agilitas has been posted to a dark web victim blog of cybercrime gang Donut following an apparent ransomware attack. The gang claims to be in possession of the source code and SQL databases belonging to the business.
The gang claims to have been in contact with Agilitas, which is headquartered in Nottingham and was founded in 1990. “We can say for sure – you [have] seen our message,” reads the blog post. “If you will keep silent we gonna start posting the source code and SQL databases we exfiltrated from your computer network.
“First pack of data will contain 30GB of source code.”
Agilitas provides networking, server and storage solutions to its clients across the UK and beyond, and works with technology from vendors including Cisco, Dell and Oracle.
No ransom demand, or deadline for payment, has been published on the site.
Data extortion and ransomware gangs will often threaten to leak information onto the dark web as a means of forcing a victim company to cooperate with their demands. This post may be evidence that the company has been contacted by the gang and has refused to cooperate, in line with UK National Cyber Security Centre (NCSC) guidelines on how to deal with such an attack.
“Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom: there is no guarantee that you will get access to your data or computer; your computer will still be infected,” the NCSC says.
Donut demanding the dough
Donut was first spotted in action by security researchers in August of this year and appears to favour data extortion tactics. So far this year it has reportedly attacked Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and construction company Sando.
Its victims appear to be posted by other prolific ransomware gangs like Hive and Ragnar Locker, though data posted to Donut’s victim blog tends to be more extensive than the information that appears elsewhere.
A German insurance company called Gossler, Gobert and Wolters Group (GGW Group) has also been posted to Donut’s blog. The gang claims to have lifted 2.6TB of data from the company’s computer network.
A spokesperson for Agilitas IT Solutions confirmed that the company had been a victim of a cyberattack “by an organised criminal group” but added that the “business remains fully operational”.
The spokesperson said: “We take the protection of data incredibly seriously, and we are working with our team and external cybersecurity experts to investigate this incident. We are in the process of making notifications to the National Cyber Security Centre and the police, via Action Fraud.”
They added: “Our priority at this time is supporting our colleagues and customers.”