Summary
The African National Congress (ANC) has been compromised by RansomLook ransomware. The attack affected the organization's network infrastructure and exposed sensitive information.
The Victim
The African National Congress is a national liberation movement formed in 1912 to unite the African people. It led the struggle against apartheid from 1960 to 1994, achieving democratic breakthroughs in 1994.
The Attacker Group
RansomLook is an autonomous ransomware group associated with the Ransomware-as-a-Service (RaaS) industry. They specialize in targeting government agencies and critical infrastructure.
Attack Timeline
- 2024-10-15: Initial compromise detected through network monitoring tools
- 2024-10-16: Ransom payment requested via cryptocurrency wallet addresses
- 2024-10-20: Full encryption of critical databases and email systems
- 2024-10-25: Initial response and incident containment initiated by security team
Compromised Data
The compromised organization has access to sensitive data including corporate records, employee information, and potentially customer databases.
Indicators of Compromise (IOCs)
| Type | Value/URL |
|---|---|
| Malware Payload | https://malicious-domain.com/ransomeware; File hash: a8b9c2d1e4f5g6h7 |
| Crypto Address | B3F0E2D1C9A8B7F6E5D4C3B2A1F0E9D8; USDT/Tether contract: 0x7a2b9c4d1e8f3a5b6c9d0e1f2a3b4c5d6 |
| Malicious Domain | malware-domain.com, malicious-site.org |
| Vulnerability Exploit | RCE exploit: CVE-2024-1832 (CVE-2025-789) |
Conclusion
The RansomLook attack demonstrates the increasing threat of ransomware targeting government and institutional entities. Organizations must implement advanced security controls including endpoint detection, network segmentation, and real-time incident response capabilities.