A notorious ransomware gang claims to have stolen a terabyte of NAFFCO’s internal data, putting one of the Gulf’s biggest fire-safety giants under intense scrutiny.
The INC ransomware gang posted NAFFCO on its leak site on the dark web, stating that it took 1TB of the company’s data.
Headquartered in Dubai, NAFFCO FZCO is among the top-tier producers and suppliers of firefighting equipment, fire protection systems, fire alarms, security, and safety engineering systems, with $4.4 billion in annual revenue.
NAFFCO’s clientele spans a wide range of industries. Its customers include major government agencies, civil defense authorities, and emergency-response organizations.
The company has developed fire safety projects for iconic buildings across Dubai, including the world’s tallest building, the Burj Khalifa, the Louvre Abu Dhabi, and the Oman Convention and Exhibition Centre.
In the energy sector, NAFFCO partners with major oil and gas companies, including Abu Dhabi National Oil Company (ADNOC), ADCO, and ZADCO, to deliver fire safety projects.
The ransomware note came up on the INC Ransomware leak site on November 17th.
“The official website of NAFFCO says: Our success is driven by our passion to protect. We do not know for certain how well they protect their clients, but they could not protect themselves,” write attackers on the post, threatening the company.
Such tactics are common among ransomware gangs, as they pressure the victim to negotiate and pay ransom to avoid attackers leaking or selling the stolen data.
What data has allegedly been stolen?
The gang provided 47 screenshots of allegedly stolen data. Cybernews researchers have examined the images and identified potential elements involved in the data leak. They include:
- Documents that reveal the company’s operational details, such as the company’s structure, employee names, job positions, emails, phone numbers, and amounts of money involved in their projects
- A list of annual contracts with other companies, including client company names, amounts of money involved, and sales representatives
- Individual contracts with the client companies
- Employee lists, including their names, jobs, departments, PII from their ID documents, and visas
- Photos of employee ID documents
Considering the type of data present in the data samples, a leak could pose a significant risk. The affected employees are at heightened risk of identity theft and social engineering attacks.
The leak may also pose a reputational risk to the company, as it could expose both business operations and the information about employees.
Cybernews has reached out to the company for a comment, but a response has yet to be received.
Who is INC Ransom?
INC Ransom, likely linked to Russia, emerged in July 2023. The gang has claimed 453 victims, according to Cybernews' dark web monitoring tool, RansomLooker.
The gang runs a multi-extortion operation, which means it doesn’t just encrypt the victim’s files – it also steals data and threatens to leak it if payment is not made.
INC Ransom is known for not discriminating when it comes to targets. The gang has attacked hospitals, schools, governments, and tech companies.
Recently, the gang claimed to have stolen 47GB of data from a major golf apparel company, Summit Golf Brands. The company manages well-known golf apparel and sportswear labels like Zero Restriction, B. Draddy, Fairway & Greene, and EP New York.
The cyber cartel has been inching towards the top of the most prolific offenders, with victims like DoD defense contractor Stark AeroSpace, the San Francisco Ballet, the City of Leicester in England, the NHS Dumfries and Galloway Health Board of Scotland, and the Xerox Corporation on its list.
Also among its alleged victims is Ahold Delhaize, the $99 billion retail titan behind your local Stop & Shop and Albert Heijn.
Mount Rogers Community Services has also appeared on a ransomware gang’s dark web leak site, with attackers suggesting it stole multiple private details from the organization’s systems.
INC Ransom also managed to hack a cemetery. In June, the gang added The Catholic Cemeteries of the Diocese of Hamilton in Canada to its dark web forum.
In July this year, the gang claimed to have stolen 260GB of data from Thomasville, a North Carolina city.
CNN Indonesia, the nationwide broadcast and online news network, was also claimed by the gang at the beginning of this year by the notorious group.
Unlock more exclusive Cybernews content on YouTube
Your email address will not be published. Required fields are markedmarked