
Malaysia's National Infrastructure Corporation suspected of leaking over 300GB of data in a ransomware attack
Release time: 2024-10-11 Source: Qingqiao

According to reports, Malaysia's National Infrastructure Corporation (Prasarana Malaysia Bhd) recently suffered unauthorized access to its internal systems, resulting in a large data leak that may exceed 300GB. The network security platform Falcon Feeds.io also posted on Twitter that a ransomware organization called RansomHub had threatened that, if payment was not made by the specified time, it would publish the National Infrastructure Corporation's data within six to seven days.

Subsequently, Malaysia's National Infrastructure Corporation confirmed on social media that the report was true. It issued a statement saying that the incident did not affect the company's daily operations and that the company is working with cybersecurity experts to investigate and mitigate the situation. In addition, the corporation is coordinating closely with the National Cybersecurity Agency (Nacsa) and the Malaysian Cybersecurity Agency (CyberSecurity Malaysia) to provide more comprehensive emergency response measures and to protect the company's systems from further threats.


Malaysia's National Infrastructure Corporation is a state-owned enterprise 100% controlled by the Malaysian government and was established by the Malaysian Ministry of Finance. It is one of the largest public transportation companies in Malaysia apart from the National Transportation Group (KTB). Since 1998, the company has established several wholly-owned subsidiaries operating bus and LRT services. Each subsidiary specializes in a different key area of the business. The six private limited companies are Fast Rail Transit, Fast Bus Transit, National Infrastructure Management and Engineering Services, National Infrastructure Comprehensive Development, National Infrastructure Rail and Infrastructure Engineering, and National Infrastructure Comprehensive Solutions and Management. Because of the company's significant role in building and operating infrastructure in Malaysia, the cyber attack has attracted widespread public attention.

The RansomHub ransomware organization is a recently active and highly threatening cybercrime group. It first appeared in February 2024 and quickly rose in the ransomware ecosystem. Its attack methods are diverse, its victims are wide-ranging, and its technical characteristics are distinctive. According to analysis, RansomHub is a ransomware-as-a-service (RaaS) variant that evolved from the Cyclops and Knight ransomware. After the collapse of the BlackCat/ALPHV and LockBit ransomware organizations, many of their partners turned to RansomHub, further strengthening it.

RansomHub intrudes into victim systems through various means, including phishing attacks, exploitation of known vulnerabilities (such as security vulnerabilities in Apache ActiveMQ and Atlassian Confluence), and password spraying. After a successful intrusion, RansomHub creates persistent user accounts on the system, uses the security testing tool Mimikatz to collect credentials, and elevates privileges to administrator level. It then moves laterally within the network and steals data, using various command-and-control methods such as Remote Desktop Protocol. RansomHub uses a double-extortion model: it both encrypts systems and threatens to leak data in order to extort the victim. It creates an ID for the victim and contacts the victim through a specific foreign website, demanding that the victim pay the ransom within the specified time or the stolen data will be leaked.
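A defender-side sketch of two checks that follow from the behaviour described above, password spraying and a newly created account being raised to administrator. This is an added example, not part of the original report; the event records are constructed and use hypothetical normalized field names (`id`, `ts`, `user`, `src`, `group`), and the thresholds are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified, normalized form (field names are
# assumptions). "id" is the Windows Security event ID: 4625 failed logon,
# 4720 user account created, 4732 member added to a local security group.
EVENTS = (
    [{"id": 4625, "ts": f"2024-10-01T02:00:{10 * i:02d}", "user": u, "src": "203.0.113.7"}
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [
        {"id": 4625, "ts": "2024-10-01T09:15:00", "user": "bob", "src": "198.51.100.20"},
        {"id": 4625, "ts": "2024-10-01T09:15:20", "user": "bob", "src": "198.51.100.20"},
        {"id": 4720, "ts": "2024-10-01T02:30:00", "user": "svc_backup2"},
        {"id": 4732, "ts": "2024-10-01T02:31:10", "user": "svc_backup2", "group": "Administrators"},
        {"id": 4720, "ts": "2024-10-01T10:00:00", "user": "newhire"},
    ]
)

def _when(event):
    return datetime.fromisoformat(event["ts"])

def find_password_spray(events, min_users=5, window=timedelta(minutes=10)):
    """Map source IP -> most distinct accounts it failed against in one window."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_src[e["src"]].append((_when(e), e["user"]))
    hits = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide the window
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users:
                hits[src] = max(len(users), hits.get(src, 0))
    return hits

def find_new_admin_accounts(events, window=timedelta(hours=1)):
    """Accounts created and then added to Administrators within the window."""
    created = {e["user"]: _when(e) for e in events if e["id"] == 4720}
    return sorted(
        e["user"] for e in events
        if e["id"] == 4732 and e.get("group") == "Administrators"
        and e["user"] in created
        and timedelta(0) <= _when(e) - created[e["user"]] <= window
    )

if __name__ == "__main__":
    print(find_password_spray(EVENTS), find_new_admin_accounts(EVENTS))
```

Repeated failures against a single account from one source (the `198.51.100.20` rows) do not trip the spray check, which keys on the number of distinct accounts rather than the number of failures.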


As of now, RansomHub has successfully attacked at least 210 victims across a wide range of sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, manufacturing, transportation, and critical infrastructure. According to reports, the boutique auction house Christie's, the Taiwanese laptop OEM company Blue Sky Computer, the American medical group Change Healthcare, and the Intermountain branch of the Family Planning Association, among other institutions, have also been reported to have suffered intrusions.

RansomHub targets not only Windows and Linux computers but has also begun attacking VMware ESXi virtualization environments. The ransomware for ESXi is developed in C++ and has functions specific to VMware virtualization environments, such as deleting snapshots, forcing virtual machines to shut down, and listing the files to be encrypted. The ESXi edition of RansomHub can also erase traces of the crime, for example by stopping the ESXi system event recording service and deleting itself after encryption is complete.

At present, the incident is still being handled. Because specific details may involve sensitive information and legal procedures, the latest handling status is not currently publicly available. However, victimized companies should take proactive measures when facing ransomware attacks. With the rapid development of information technology, network attack methods are becoming increasingly diverse and complex. Strengthening network security protection and improving data protection capabilities have therefore become important challenges that enterprises and institutions must face. At the same time, close cooperation should be maintained with law enforcement agencies and cybersecurity experts to jointly address the challenges posed by ransomware attacks. In the future, we need to pay more attention to network security and data protection issues, and jointly build a more secure and trustworthy network environment.


Copyright: Qingqiao International Security Group     Filing No.: 鄂ICP备2021010908号
