Unauthorized cyber intruders have disclosed stolen information following a ransomware incident in Rhode Island, according to authority alerts.
In a significant cybersecurity incident, Rhode Island officials have confirmed that a ransomware group called Brain Cipher has targeted the state's social services database, RIBridges. The attack was disclosed on December 5, impacting approximately 650,000 people.
Brain Cipher, active since June 2024, is known for using the LockBit 3.0 payload in their ransomware attacks. Upon infiltrating a network, the group leverages tools and exploits to move laterally, often targeting Windows domain administrator credentials to maximize their reach.
The attack on RIBridges, which administers several social services programs, including Medicaid and Temporary Assistance for Needy Families, has led to the leak of sensitive personal data, including names, addresses, Social Security numbers, dates of birth, and some personal banking information.
Officials have emphasized that January payments for food assistance and cash benefits will show up on time. They are also taking steps to ensure health insurance benefits are not disrupted by the attack. McKee, the Rhode Island Governor, stated that the state is working with Deloitte to identify the names of people impacted by the hack and will send consumer notification letters directly to them. These letters will include information on how to set up credit monitoring.
Deloitte has been in contact with Brain Cipher, who had threatened to leak data if their demands were not met. The contents of the files are being identified as a complex process. Researchers from Sophos have confirmed that Brain Cipher posted detailed information on a leak site claiming credit for the RIBridges database incident.
In similar ransomware cases, affected agencies usually take steps such as disconnecting impacted systems, conducting forensic investigations, notifying affected individuals, and providing credit monitoring and identity theft protection services to mitigate harm. Agencies often engage external cybersecurity and legal counsel, report to relevant authorities, and may offer guidance on protective measures for impacted parties.
Officials are urging residents to be mindful of potential fraud due to the leaked credentials and to check their credit reports. As the situation develops, Rhode Island residents are encouraged to monitor official government announcements or trusted cybersecurity news sources for updates on affected individuals and official recovery/mitigation actions.
1.Despite the ongoing ransomware attack by Brain Cipher on Rhode Island's social services database, RIBridges, officials have assured that January payments for food assistance and cash benefits will not be delayed.
- As the attack has led to a leak of sensitive personal data, Rhode Island Governor, McKee, has stated that the state is working with Deloitte to identify the individuals impacted by the hack and will send consumer notification letters with information on how to set up credit monitoring.
- In light of the leaked credentials following the RIBridges ransomware attack, Rhode Island residents are urged to be vigilant against potential fraud, check their credit reports, and monitor official government announcements or trusted cybersecurity news sources for updates on the situation.
