The cyberattack that forced Rhode Island’s public benefits system (RI Bridges) offline may have compromised the personal information of over 50% of Rhode Island’s population, around 650,000 people, according to state Governor Daniel McKee.
McKee stated that talks between Deloitte and the Brain Cipher group are ongoing. He is receiving updates on the talks, and so far no sensitive information appears to have been exposed to the public. He did not provide any details on the ransom amount the attackers are demanding to stop the exposure of the stolen information, or on whether Deloitte intends to pay it. Deloitte is working on restoring the RI Bridges system immediately, but it is unlikely to be back online until January.
The Brain Cipher ransomware group stated it is behind the ransomware attack on Rhode Island’s RI Bridges system. It also threatened to leak the stolen information if no ransom is paid. Brain Cipher is a relatively new ransomware group that emerged in June 2024. The group has already carried out several major attacks, including an attack on Indonesia’s National Data Center that disrupted operations in over 200 government institutions. The Brain Cipher group demanded $8 million in ransom payment. The group uses double extortion (data theft combined with encryption) and has a data leak website where it publishes stolen information when the ransom isn’t paid.
Brain Cipher listed Deloitte on its data leak site and stated that only the RI Bridges system had been impacted by the ransomware attack. The Deloitte listing on the Brain Cipher data leak website came with a countdown timer suggesting the data leak would begin on December 17, 2024, if Deloitte did not pay the ransom. However, the countdown timer was still ticking on December 19, 2024, and indicated 13 hours left after being reset. The ransomware group seems to be expecting a ransom payment.
On December 16, 2024, State Governor Daniel McKee released a public service announcement telling all Rhode Island residents who have previously used any of the impacted systems to take immediate action to safeguard themselves against fraud and identity theft. Cybercriminals will most likely attempt to misuse the data stolen in the RI Bridges attack if the ransomware group leaks it. This could have been easily prevented if Deloitte had implemented security procedures such as HIPAA encryption.