fiber optic panel
Image: Brett Sayles via Pexels / PhotoMosh

Cyberattack on telecom giant Frontier claimed by RansomHub

An April cyberattack on a large telecommunications company has been claimed by a ransomware gang that is gaining steam as a cybercriminal operation. 

On Saturday, the RansomHub operation posted Frontier Communications to its leak site claiming to have the sensitive information of more than 2 million people. The group claimed it spent more than two months attempting to extort the company but never got a response. 

Frontier did not respond to requests for comment but reported a cyber incident to the U.S. Securities and Exchange Commission (SEC) in April. 

At the time, the Dallas-based company said it detected unauthorized access to its IT systems on April 14 and began instituting “containment measures” that included “shutting down certain of the Company’s systems.” The shutdowns caused operational disruption that the company said “could be considered material.”

“Based on the Company’s investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information,” the company said in the SEC filing. 

The ransomware gang claimed it had access to names, addresses, Social Security numbers, credit scores and more. 

Since emerging earlier this year, RansomHub has quickly taken credit for several high-profile incidents. 

Hackers involved in the ransomware attack on Change Healthcare — which may involve the healthcare data of one-third of all Americans — are using the RansomHub platform to sell the stolen information

Members of the group have also claimed attacks on Christie’s, the world’s largest auction house by revenue, and other organizations

Experts from NCC Group said RansomHub was the third most prolific ransomware gang that operated in March, with at least 27 attacks. The group’s emergence has reinforced a longstanding assertion by security researchers that ransomware gangs are nebulous operations, with affiliates moving between different operations and selling stolen data or access to different groups. 

In a ransomware report from security firm Mandiant, researchers said Ransomhub is attempting to “recruit affiliates that have been impacted by recent shutdowns or exit scams” — most notably the law enforcement takedowns of LockBit and AlphV

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.