Share this article on:
A non-profit organisation responsible for “connecting thousands of US and Saudi companies” falls victim to a ransomware attack. Senior members’ data are published online.
The INC Ransom gang claims to have hacked the US-Saudi Arabian Business Council, a non-profit organisation aimed at connecting businesses in both countries.
A post on the hacker’s dark web leak site is dated 17 April, with a number of updates added since then.
“In the course of a successful cyber attack on this company, we have a large amount of confidential information at our disposal,” an INC Ransom spokesperson said in the leak site post.
“All financial documents, mail correspondence, agreements and contracts that are not subject to disclosure, personal data of employees. All this and much more will be published in case we do not come to an agreement.”
The group also shared several documents and scans to prove the veracity of the claim, including invoices and files referencing companies that have done business with the council, insurance documents, expense reports, and several passport scans, including one that appears to belong to the council’s current acting general manager.
INC Ransom claims to have 200 gigabytes of data and is threatening to publish it in three tranches – one on 29 April and another on 2 May, with a third to come on 6 May. The first two are now live, with the contents available for download.
Documents pertaining to current and former employees of the council appear to be impacted. Companies that appear in some of the files include Chevron and Exxon Mobil, as well as the World Bank. A 2023 audit by PricewaterhouseCoopers also appears in the data.
According to the council’s website, the “US-Saudi Business Council, ‘the Council,’ was established as a non-profit organisation in 1993 as a spin-off of the US-Saudi Arabian Joint Economic Commission, a technical assistance initiative between the Saudi Ministry of Finance and National Economy and the US Department of the Treasury”.
The INC Ransom ransomware gang has been particularly active recently, with the operation claiming 15 victims in April alone. The gang was first observed in August 2023 and has targeted organisations in Europe, Asia, Australia, and the US.
Cyber Daily has reached out to the US-Saudi Arabian Business Council for comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.