The Romanian branch of NTT DATA, has been listed as a victim by the RansomHub ransomware group.

host_chost_c Hosting Provider

The hackers allegedly exfiltrated 230 GB of data.

Ransom deadline: 05th Jul 24.

NTT DATA Corporation, with a revenue of 3.49 trillion JPY (approximately 25.48 billion USD) is a Japanese multinational information technology service and consulting company headquartered in Tokyo, Japan. It is a partially-owned subsidiary of Nippon Telegraph and Telephone.

Screenshot-2024-07-03-144039

Source: https://x.com/H4ckManac/status/1808026245180920082

Host-C - VPS Services Provider - AS211462

"If there is no struggle there is no progress"

Comments

  • Your victimisation has been doubled.

    HostBrr aff best VPS; VirmAche aff worst VPS.
    Unable to push-up due to shoulder injury 😣

  • host_chost_c Hosting Provider

    @yoursunny said: Your victimisation has been doubled.

    THX, can I get 2x double victimisation ?

    Host-C - VPS Services Provider - AS211462

    "If there is no struggle there is no progress"

  • edited July 3

    You close all the ports, only leave tcp 22 open for convenience, and then you get:

    • backdoored SSH via liblzma
    • a malloc in openssh signal handler that only an cretin could write without malice
    • IPv6 localhost spoofing permitted by the kernel, again with a nonchalance that seems too casual
    • portmap and its collection of RCEs autostarted by default on Debian
    • systemd =)
    • fuck it all
    Thanked by (2)host_c quicksilver03
  • host_chost_c Hosting Provider
    edited July 3

    @Calin

    Any info if it was hosted with you ? =) =) =)

    EDIT:

    Ahh damn it, it is RansomHUB not PORNHUB. My mistake. So many HUB's. =) =)

    Thanked by (3)Calin ehab bdl

    Host-C - VPS Services Provider - AS211462

    "If there is no struggle there is no progress"

  • @davide said:
    You close all the ports, only leave tcp 22 open for convenience, and then you get:

    • backdoored SSH via liblzma
    • a malloc in openssh signal handler that only an cretin could write without malice
    • IPv6 localhost spoofing permitted by the kernel, again with a nonchalance that seems too casual
    • portmap and its collection of RCEs autostarted by default on Debian
    • systemd =)
    • fuck it all

    You were running a honeypot?

    How are you... online?

  • @root said:
    You were running a honeypot?

    Is that the current name of Debian Stable?

    Thanked by (3)root fluttershy lukast__
  • edited July 3

    https://ransomwatch.telemetry.ltd/#/profiles?id=ransomhub

    http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/cde6497e-2ea4-4a18-94f7-308d6c6f1118/ ;)

    http://fpwwt67hm3mkt6hdavkfyqi42oo3vkaggvjj4kxdr2ivsbzyka5yr2qd.onion/

    Downloading from Tor network, fast.
    https://github.com/sn0b4ll/aria2-onion-downloader

    *Only for educational purposes.

  • What does that data contain? Technical consultancy of other companies? Does it contain payment and confidential information.

    How are you... online?

  • AuroraZeroAuroraZero Retired

    @root said:
    What does that data contain? Technical consultancy of other companies? Does it contain payment and confidential information.

    @host-c's porn stash and naked selfies

    Thanked by (3)sh97 ehab host_c

    URL Shortener | YetiNode | Come join us on the MetalVPS IRC channel!!! | LaunchVPS | Are you in the Node?

  • @AuroraZero said:

    @root said:
    What does that data contain? Technical consultancy of other companies? Does it contain payment and confidential information.

    @host-c's porn stash and naked selfies

    Thanked by (2)ehab host_c

    How are you... online?

  • host_chost_c Hosting Provider

    I, I, I, have no comment on the matter =)

    Host-C - VPS Services Provider - AS211462

    "If there is no struggle there is no progress"

Sign In or Register to comment.