UK-based IT services provider Agilitas has fallen victim to a ransomware attack by the Donut gang, who claim to possess the source code and SQL databases of the company.
Furthermore, the cybercriminals have posted details of the breach on the dark web, threatening to leak the data unless their demands are met. While the gang has not specified a ransom amount or deadline, Agilitas is cooperating with cybersecurity experts, notifying relevant authorities, and maintaining its operational status throughout the investigation. The National Cyber Security Centre (NCSC) advises against paying ransom demands, as there is no guarantee of data recovery and the risk of continued infection.
The Donut gang, known for its data extortion tactics, has been active since August of the current year and has targeted various organizations, including Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and construction company Sando.
While some ransomware gangs post victim information, Donut’s approach tends to involve more extensive data disclosure. A German insurance company, Gossler, Gobert and Wolters Group (GGW Group), has also been listed on Donut’s dark web blog, with the gang claiming to have stolen 2.6TB of data from the company.
Agilitas IT Solutions confirmed the cyberattack by an organized criminal group but assured that the business is fully operational. The company is taking data protection seriously, collaborating with cybersecurity experts to investigate the incident, and reporting it to the National Cyber Security Centre and the police through Action Fraud. Their primary focus remains on supporting employees and customers during this challenging time.