September 21, 2023

Donut ransomware gang claims attack on UK IT services provider

The hackers claim to have source code and SQL databases and are threatening to leak them online if their demands aren't met.

By Claudia Glover

UK-based IT services company Agilitas has been posted to a dark web victim blog of cybercrime gang Donut following an apparent ransomware attack. The gang claims to be in possession of the source code and SQL databases belonging to the business.

New ransomware gang Donut posts two victims to its dark web blog. (Photo by Viktoria Hodos/Shutterstock)

The gang claims to have been in contact with Agilitas, which is headquartered in Nottingham and was founded in 1990. “We can say for sure – you [have] seen our message,” reads the blog post. “If you will keep silent we gonna start posting the source code and SQL databases we exfiltrated from your computer network.

“First pack of data will contain 30GB of source code.”

Agilitas provides networking, server and storage solutions to its clients across the UK and beyond, and works with technology from vendors including Cisco, Dell and Oracle.

No ransom demand, or deadline for payment, has been published on the site.

Data extortion and ransomware gangs will often threaten to leak information onto the dark web as a means of forcing a victim company to cooperate with their demands. This post may be evidence that the company has been contacted by the gang and has refused to cooperate, in line with UK National Cyber Security Centre (NCSC) guidelines on how to deal with such an attack.

“Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom: there is no guarantee that you will get access to your data or computer; your computer will still be infected,” the NCSC says.


Donut demanding the dough

Donut was first spotted in action by security researchers in August of this year and appears to favour data extortion tactics. So far this year it has reportedly attacked Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and construction company Sando.

Its victims appear to have also been posted by other prolific ransomware gangs like Hive and Ragnar Locker, though data posted to Donut’s victim blog tends to be more extensive than the information that appears elsewhere.

A German insurance company called Gossler, Gobert and Wolters Group (GGW Group) has also been posted to Donut’s blog. The gang claims to have lifted 2.6TB of data from the company’s computer network.

A spokesperson for Agilitas IT Solutions confirmed that the company had been a victim of a cyberattack “by an organised criminal group” but added that the “business remains fully operational”.

The spokesperson said: “We take the protection of data incredibly seriously, and we are working with our team and external cybersecurity experts to investigate this incident. We are in the process of making notifications to the National Cyber Security Centre and the police, via Action Fraud.”

They added: “Our priority at this time is supporting our colleagues and customers.”
