The Qilin ransomware group has once again surfaced, allegedly adding two significant entities from different sectors to its dark web leak site. The group, known for its double-extortion tactics, claims to have successfully breached a major governmental authority in Jordan and a financial services company in Colombia, threatening to release sensitive data stolen from their networks. This incident highlights the continuous and indiscriminate threat posed by ransomware gangs to organizations worldwide.
The threat actors have published files allegedly belonging to the victims to pressure them into paying a ransom. The compromised organizations are:
- 🇯🇴 Aqaba Special Economic Zone Authority (ASEZA): A leading administrative and governmental institution in the Hashemite Kingdom of Jordan. ASEZA plays a crucial role in the development, management, and regulation of the Aqaba Special Economic Zone, a key driver of investment and economic activity in the country.
- 🇨🇴 Promociones y Cobranzas Beta (PDC): A Colombian company established in 1987, operating as a subsidiary of the major bank Davivienda. The firm specializes in debt collection and financial assistance for personal banking portfolios.
As proof of their claims, the Qilin group has posted samples of the exfiltrated data. The leaked information allegedly includes highly sensitive documents from both organizations. For ASEZA, the breach appears to have exposed personal identification documents, such as passports, alongside internal corporate papers. The data from PDC allegedly consists of sensitive financial documents and business records. The release of this initial data set is a common tactic used to coerce victims into meeting the attackers’ demands.
Allegedly Leaked Data:
- Personal identification documents (Passports)
- Internal corporate and financial documents
- Business records and contracts
