White Mountain Backpacks

Summary

White Mountain Backpacks, an Australian outfitter specializing in custom fitted travel backpacks, was listed by the Rhysida ransomware gang on 1 September 2024. The attackers posted images of approximately 20 documents as proof of the breach, including trust account statements, receipts, signed documents, and spreadsheets. Rhysida set a ransom deadline of 7 September.

What Happened

The Rhysida ransomware gang breached White Mountain Backpacks' systems and exfiltrated business and financial documents. The attack appears to have been manually conducted rather than through automated means, likely using stolen credentials, phishing, or exploitation of known vulnerabilities. Rhysida posted proof-of-breach documents on their darknet leak site on 1 September, giving the company six days to pay an unspecified ransom before threatening to publish the stolen data.

Impact on Individuals

The breach exposed business documents including financial records, receipts, and signed documents. While the primary impact appears to be on business operations, customer information may have been included in the stolen data. Customers should:

• Monitor for phishing emails appearing to come from White Mountain Backpacks
• Be alert for potential misuse of order or payment information
• Watch for scam attempts referencing their purchases

The exposure of trust account statements and financial records could impact both the business and individuals whose transactions are documented.

Organisational Response

White Mountain Backpacks specializes in custom fitted travel backpacks for the Australian market. Rhysida operates using a Ransomware-as-a-Service (RaaS) model where various affiliates use the ransomware for attacks and divide profits with the malware authors. The group employs double extortion techniques, stealing data before encrypting it and threatening to publish unless a ransom is paid.