Data extortion group Ransom House has listed printing company Advance Press on its dark web leak site, claiming to have stolen company data.
Ransom House, a relatively young threat group believed to have first emerged in December 2021, listed the Western Australia-based printing organisation on its site, claiming to have stolen “about 300Gb of data”.
“Dear Advance Press. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to start resolving that situation,” wrote Ransom House.
Advance Press, which was previously part of the Geon group, works with major clients such as the Australian government and several Fortune 500 companies, according to its site.
Ransom House posted a sample of the allegedly stolen data, which contains files dated from as far back as 2010, all the way to 2024.
This includes employment contracts, résumés, insurance documents, expenses, budgets, profit and loss margins, and more.
However, while the sample appears legitimate, some of the listing’s details seem questionable and should be taken with a grain of salt.
For one, the copy describing Advance Press on the dark web blog is from another company – Royal Star & Garter, which was the group’s previous victim.
Looking at Royal Star & Garter’s listing, Ransom House’s message threatening them with publication is from yet another victim, Cressex Community School.
Additionally, the last five listings all claim that about 300 gigabits had been stolen, which, alongside the above details, could indicate copied and pasted listings that have been poorly updated and edited.
Cyber Daily reached out to Advance Press, which decided not to provide further comment.
Ransom House is a unique group as it tries to differentiate itself from other ransomware operators. Despite saying it has encrypted victim data on many of its listings, the group claims that it has “nothing to do with any breaches and don’t produce or use any ransomware”, adding that it defines itself as a “professional mediators’ community”.
“Our primary goal is to minimise the damage that might be sustained by related parties,” it said.
As many ransomware gangs do to justify their actions, Ransom House believes that it’s not the hackers that are to blame for these incidents, but those who don’t protect themselves well enough.
“We believe that the culprits are not the ones who found the vulnerability or carried out the hack, but those who did not take proper care of security,” the group said.
“The culprits are those who did not put a lock on the door leaving it wide open inviting everyone in.”
Despite Ransom House’s heartfelt justification that it is indeed a charity organisation providing free pen-testing, cyber security firm Trellix points out that the threat group is a ransomware-as-a-service (RaaS) gang known for double extortion, both encrypting and exfiltrating data.