Cuba attacks ProPhoenix

Incident Date: Apr 22, 2022

Attack Overview
VICTIM: prophoenix
INDUSTRY: Software
LOCATION: USA
ATTACKER: Cuba
FIRST REPORTED: April 22, 2022

ProPhoenix Public Safety Software Targeted by Ransomware Group Cuba

ProPhoenix Public Safety Software, a provider of integrated public safety software solutions, has been targeted by the ransomware group Cuba. The attack was announced on the group's dark web leak site, and the victim's website is ProPhoenix. ProPhoenix operates in the Software sector and offers a range of services, including Computer-Aided Dispatch (CAD), Mobile, Law RMS, Fire RMS, Corrections Management, EMS, Internal Affairs, and Citizen Services.

Company Overview

ProPhoenix Public Safety Software is an on-premise and cloud-based system that allows agencies to quickly deploy integrated solutions using web services and Microsoft's premier server infrastructure. The software is designed to enable rapid deployment and simplified management. It supports all standard reporting protocols, including NIBRS, NFIRS, NEMSIS 3.5.0, and more.

Vulnerabilities and Targeting

The specific vulnerabilities that led to the successful attack by Cuba are not detailed in the search results. However, the ransomware group is reported to use a .NET payload and can self-propagate by using PsExec to remotely execute itself on other hosts on the local network.

Industry Standing and Impact

ProPhoenix Public Safety Software is known for its integrated system that eliminates the need for duplicate entries and offers high-end solutions at an affordable price. The company's support and customer relationships are highlighted as key aspects of its success. The attack by Cuba could potentially disrupt the services provided by ProPhoenix, affecting the operations of the agencies that rely on their software.

The ransomware attack on ProPhoenix Public Safety Software by Cuba highlights the ongoing threat of cyber attacks in the software sector. The specific vulnerabilities exploited by the attackers are not detailed in the search results, but the use of a .NET payload and self-propagation capabilities suggest a sophisticated and potentially targeted attack. ProPhoenix's reputation for integrated solutions and customer support may have made them a valuable target for ransomware groups.
