A cyber criminal crew has targeted Kido International, a preschool and daycare organization, leaking sensitive details about its pupils and their parents.
To verify the authenticity of the leak, we called affected parents who confirmed to us that the organization was aware of the situation, and that it had made parents aware too.
The ransomware crims, a new face known as the Radiant Group, claimed responsibility for the attack and this is the first leak on its dark web-based site.
Its extortion tactics in this case, which include publishing profiles of 10 children, complete with their images, names, and home addresses, along with their parents’ contact details and in some cases places of work, are among the most aggressive ever deployed.
The Register contacted Kido International for comment, but did not receive a response by publication time.
The business specializes in advanced early years development programs and operates various sites across cities internationally. However, the affected individuals thus far appear to all be based in the UK.
The cybercriminals behind the group recently deleted an “About” section on its website, which formerly stated that it was a financially motivated ransomware operation that engages in double-extortion and single-extortion attacks, without the support of affiliates.
It described itself as an aggressive group that is intent on contacting domestic regulators to apply additional pressure, as well as contacting victims’ associates and their investors, where applicable.
The Register contacted the UK’s National Cyber Security Centre, National Crime Agency, and Information Commissioner’s Office for a response, and we’ll update this article if and when we receive one.
Alan Woodward, computer scientist and professor at the University of Surrey, said any organization that holds sensitive data such as this must go the extra mile to secure it, but it does not detach from the heinousness of the attack.
“Just when you think cybercriminals can’t sink any lower, we see this kind of attack,” he told The Register.
“Having seen the news that a death had occurred from the London hospital attack last year, then you see this, you wonder if these people are amoral or just plain evil.
“We all know that cyberattackers feel a degree of disinhibition working online, almost like they feel these are victimless crimes. This just shows how warped they are. Soft targets may be easy for them, but the impact is horrible.
“It’s not just that they targeted this organization, but they then published the data. They knew damned well they were operating in the gutter.
“I can only hope the law, albeit that it can take some time, catches up with them and in the glare of public awareness they realize just what the general public thinks of such criminals.”
Dray Agha, senior manager of security operations at Huntress, concurred.
He said: “This represents a reprehensible erosion of any remaining boundaries in the cybercriminal ecosystem. By weaponizing the personal data of infants and toddlers, this group has sunk to a depth that even other threat actors may condemn.
“From a negotiation standpoint, this attack effectively burns a bridge for the entire ransomware industry. Engaging with a group that demonstrates such blatant disregard for human decency is now an intolerable risk for any organization. This action will likely harden the stance of both victims and law enforcement, making productive negotiations, even in extreme circumstances, almost impossible.
“It signals that some groups are now purely opportunistic predators, and the only viable strategy is to invest heavily in security prevention and rendering their tactics ineffective.”
Horrible histories
Ransomware groups are known for their abhorrent tactics and remorselessness when the impact of their financially driven attacks goes beyond the pale.
From targeting children’s hospitals like Alder Hey, to leaking pre-op surgery pictures from plastic surgeons’ offices, a moral compass is not a quality often exhibited by these kinds of individuals.
Qilin’s attack on Synnovis, a pathology services provider to NHS hospitals in London, last year resulted in thousands of missed appointments, altered procedures for cancer patients, and one death, it was confirmed over the summer.
The group told The Register at the height of the healthcare chaos it caused that it had no regrets over carrying out its attack. ®