Ransomware Attack by DonutLeaks Compromises All-Mode Communications' Systems

Incident Date: Jul 18, 2024

Attack Overview
VICTIM: All-Mode Communications
INDUSTRY: Telecommunications
LOCATION: USA
ATTACKER: DonutLeaks
FIRST REPORTED: July 18, 2024

Ransomware Attack on All-Mode Communications by DonutLeaks

Overview of All-Mode Communications

All-Mode Communications, Inc., based in Freeville, New York, has been a cornerstone in the telecommunications sector since 1972. Specializing in designing and installing voice, video, and data solutions, the company serves businesses in the Central New York region. Despite its small size, with approximately five employees, All-Mode has built a reputation for providing high-quality, customized communication systems. Its offerings include both on-premises and cloud-based VoIP phone systems, cabling infrastructure, trunking services, and data networking solutions.

Details of the Ransomware Attack

All-Mode Communications recently fell victim to a ransomware attack orchestrated by the cybercriminal group DonutLeaks. The attack has compromised the company's data and systems, potentially leading to significant operational disruptions and financial losses. While the specifics of the ransom demand and the extent of the data breach are yet to be disclosed, the incident highlights the growing threat of ransomware attacks on small and medium-sized businesses.

About DonutLeaks Ransomware Group

DonutLeaks is a data extortion group first detected in August 2022. Known for its double-extortion tactics, the group encrypts files and leaks stolen data to extort victims. It uses customized ransomware that scans for specific file extensions to encrypt and renames encrypted files with the ".d0nut" extension. The group maintains a site where stolen data is stored and can be browsed and downloaded by visitors. DonutLeaks is also known for its theatrical ransom notes and data leak site, which feature interesting graphics, humor, and ASCII art.
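As an added example (not from the original article or from any vendor's tooling), a defender could watch file-rename telemetry for bursts of files gaining the ".d0nut" extension described above. The tab-separated event format, host names, threshold and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".d0nut"  # extension named in the article

# Constructed sample events, sorted by time (assumed format, not real telemetry):
# timestamp <TAB> host <TAB> pid <TAB> old path <TAB> new path
SAMPLE_EVENTS = """\
2024-01-01T02:00:00\thost-b\t1200\t/home/u/a.txt\t/home/u/a.txt.d0nut
2024-01-01T02:14:01\thost-a\t4312\t/srv/share/q2.xlsx\t/srv/share/q2.xlsx.d0nut
2024-01-01T02:14:03\thost-a\t4312\t/srv/share/plan.docx\t/srv/share/plan.docx.D0NUT
2024-01-01T02:14:04\thost-b\t900\t/home/u/report.docx\t/home/u/report-final.docx
2024-01-01T02:14:05\thost-a\t4312\t/srv/share/db.bak\t/srv/share/db.bak.d0nut
2024-01-01T03:00:00\thost-b\t1200\t/home/u/b.txt\t/home/u/b.txt.d0nut
"""

def parse(line):
    """Split one tab-separated rename event into typed fields."""
    ts, host, pid, old, new = line.rstrip("\n").split("\t")
    return datetime.fromisoformat(ts), host, int(pid), old, new

def find_rename_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {(host, pid): time of first alert} for processes that rename
    at least `threshold` files to EXT within `window`."""
    recent = defaultdict(deque)  # (host, pid) -> timestamps of matching renames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, pid, old, new = parse(line)
        # Count only renames that newly gain the extension (case-insensitive).
        if not new.lower().endswith(EXT) or old.lower().endswith(EXT):
            continue
        q = recent[(host, pid)]
        q.append(ts)
        while ts - q[0] > window:  # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and (host, pid) not in alerts:
            alerts[(host, pid)] = ts
    return alerts

if __name__ == "__main__":
    for (host, pid), when in find_rename_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {when.isoformat()} host={host} pid={pid} burst of {EXT} renames")
```

Isolated renames, such as the two an hour apart on host-b, stay below the threshold, so a single stray file with the extension does not raise an alert.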

Potential Vulnerabilities and Penetration Methods

Given All-Mode Communications' small size and limited resources, the company may have been particularly vulnerable to sophisticated cyberattacks. Small businesses often lack the robust cybersecurity measures that larger enterprises can afford, making them attractive targets for ransomware groups like DonutLeaks. The exact method of penetration remains unclear, but common vectors include phishing emails, unpatched software vulnerabilities, and weak network security protocols.
