
A Russia-linked ransomware gang has claimed an attack on an American broadcaster. The owner's passport was allegedly exposed.
The Termite ransomware gang dropped a note on its dark web leak site, claiming to have stolen data from an American broadcaster, News-Press & Gazette Company (NPG).
Publishing warnings on the dark web is a common tactic to pressure the victims into paying ransom. While the threat actors did not specify the scope of the breach, the post includes images of stolen data, suggesting that they’re in possession of highly sensitive information.
Cybernews reached out to the company but has yet to receive a response.
The allegedly stolen information includes:
- Revenue reports
- Passport photos
- Financial and tax data
- Excel files with budgets
- Employment information
- Other corporate documents
“The dataset contains a mix of highly sensitive personal and corporate information, including the US passport of a company principal. Furthermore, the breach exposed a spreadsheet with the personal contact information and home addresses of numerous employees,” Cybernews researchers, who checked the claims posted on the dark web, report.
If confirmed, the data breach could severely harm NPG's more than 800 employees and the company’s operations.
“The alleged breach drastically increases the risk for all employees and executives of identity theft, financial fraud, and targeted phishing campaigns due to the exposure of passport details and personal contact information,” our researchers continued.
“The exposure of internal financial statements and corporate files provides competitors with sensitive strategic information about the company's activities.”
What is NPG?
NPG is owned and operated by the Bradley family and is based in St. Joseph, Missouri. The media company provides daily and weekly newspapers in Missouri and Kansas.
The company also runs radio and television stations in California, Idaho, Oregon, Colorado, Arizona, Missouri, and Texas.
NPG Broadcast serves both English and Spanish audiences on television and radio. The group includes ABC, CBS, FOX, NBC, CW, Telemundo, Azteca, and MyNetwork affiliates.
The company’s revenue is estimated to reach $108.4 million.
Who is the Termite ransomware gang?
One of the most notable incidents attributed to Termite ransomware was an attack on Blue Yonder, a supply chain vendor. As a result of the attack, several national chains across the US and UK, including Starbucks, reported using pen and paper to track employee hours and pay.
According to Cybernews’ dark web monitoring tool, Ransomlooker, Termite has victimized at least 23 organizations over the last 12 months.
Termite first appeared in late 2024 and could be another offshoot of Babuk ransomware. Babuk’s code leak in 2021 kicked off a wave of new and more powerful ransomware strains. The first version of Babuk hasn’t been active since July 27th, 2021, when it posted its final victim on its leak site.
Authorities arrested the notorious hacker Mikhail Pavlovich Matveev, better known by his alias, Wazawaka, at the end of November 2024.
He was charged in the US with using three ransomware variants – LockBit, Babuk, and Hive – to attack thousands of victims in the US and around the world.
According to cybersecurity firm SOCRadar, it has been widely discussed on dark web forums that Termite might have links to other notorious Russia-linked groups like Cl0p.