A ransomware cartel has claimed the renowned crisis communications firm Singer Associates. The group shared snippets of data supposedly taken from the company.
Singer Associates was claimed by the Qilin ransomware gang. The attackers posted the well-known public relations (PR) firm on their dark web blog, which showcases the gang’s latest victims.
We’ve reached out to Singer for comment and will update the article once we receive a reply.
Meanwhile, Qilin accompanied the post with a lengthy tirade about the company’s perceived wrongdoings. Singer has been hired by numerous major corporations, including Chevron, Bayer, Airbnb, Visa, Ford, and many others.
Importantly, however, attackers claim they have access to an archive that contains “absolutely all the inside information about the work of Singer Associates: schemes to manipulate voters and customers, facts of forgery and misinformation, lies and fakes, deceit and fraud.”
It’s likely that Qilin’s post is aimed at coaxing Singer into succumbing to the gangs’ ransom demands. Ransomware gangs often employ similar tactics, threatening to leak information if their victims are not too keen on paying up.
The post could also be an attempt by the attackers to portray themselves as hackers who publish data from supposedly “unethical” companies. However, Qilin is known to be a financially motivated actor, making any attempts at leaking data for ethical reasons hard to believe.
Since the attackers didn’t provide actual data samples, it is impossible to know how much data they may have access to. However, the gang did include a handful of screenshots that appear to be taken from various legal documents supposedly related to Singer.
The Cybernews research team looked into the information and concluded that Qilin at least attempts to paint this as hacktivism. The screenshots that the gang added to the post supposedly show the PR firm's methods, which included plans for monitoring activist activities, researching their financial backers, and actively managing media narratives for their clients.
“Internal documents from the leak appear to detail Singer Associates' work for major clients like Chevron, outlining a strategy to counter environmental activists involved in the Ecuador pollution lawsuit," our researchers said.
Who is the Qilin ransomware gang?
The Qilin ransomware has been on the radar for quite some time, first noticed around 2022. The gang runs a classic ransomware-as-a-service (RaaS) business, where key developers sell access to malicious software for a cut of ransom payments. Developers rarely attack themselves, leaving the dirty jobs to affiliates.
Qilin operates by infecting target systems and stealing as much information as it can. Depending on the business they attack, the cybercrooks proceed to either lock the company out of its systems or leak stolen data to the public.
Qilin has been inching towards the title of the most active ransomware cartel. According to the Cybernews dark web monitoring tool, Ransomlooker, the gang has victimized at least 503 organizations in the last 12 months. Only RansomHub is above Qilin, having victimized 508 organizations in the same amount of time.
Past victims include Inotiv, a big pharma research corporation, global energy and manufacturing giant SK Group, the Houston Symphony, Detroit’s PBS TV station, top North American auto parts suppliers Yanfeng, and the prestigious Utsunomiya cancer treatment center in Japan.
Your email address will not be published. Required fields are markedmarked