September 12, 2022

Cisco confirms data leak after Yanluowang ransomware attack

Cisco has confirmed that the personal data leaked by the Yanluowang ransomware group was stolen from the firm's network during an attack in May.

Cisco said in an update that the data leak does not change the initial assessment that the incident has no impact on the business:

On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web posted the actual contents of the same files to the same location on the dark web. The content of these files matches what we already identified and disclosed.
Our previous analysis of this incident remains unchanged - we continue to see no impact to our business, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.

In a report in August, the firm announced that its network had been breached by the Yanluowang ransomware after the threat actors compromised an employee's VPN account.

According to Cisco, the stolen data included non-sensitive files from the employee’s Box folder and the attack was contained before Yanluowang ransomware could start encrypting networks.

The hackers, however, claimed otherwise. Yanluowang’s leader said that they stole thousands of files amounting to 55GB and that the cache included classified documents, technical schematics, and source code.

Yanluowang did not provide any proof, though. They only shared a screenshot indicating access to what appears to be a development system.

The other day, Savannah College of Art and Design became a victim of a ransomware attack that leaked the sensitive information of hundreds of people.