Snowflake Hack: Cybercriminals Demand as Much as $5 Million From Clients

A group of cybercriminals is targeting companies that use the cloud data platform Snowflake, demanding up to $5 million in ransom payments. This new ransomware campaign, named “Lace Tempest,” has been active since at least June 2023, and victims have reported receiving demands for $5 million, as well as lower sums ranging from $1 to $3 million. The attackers exploit vulnerabilities in the Snowflake platform's web application to gain access to sensitive data and then encrypt it. They then demand payment in cryptocurrency to restore access to the data. The cybercriminals use sophisticated tactics to make their attacks more difficult to detect. This includes using stolen credentials to gain initial access to the Snowflake environment, and then using tools like Cobalt Strike to move laterally within the network. While the full extent of the impact of the Lace Tempest campaign is still unknown, it highlights the growing threat of ransomware attacks on cloud-based data platforms. Snowflake has acknowledged the threat and issued security guidance to its customers. They recommend that organizations implement strong security measures, such as multi-factor authentication, to protect their Snowflake environments. The attack emphasizes the need for organizations to take a proactive approach to cybersecurity. This includes regularly reviewing their security posture and implementing appropriate controls to mitigate the risk of ransomware attacks.

Summary

"The Lace Tempest ransomware campaign targets companies using Snowflake, demanding millions in ransom payments to decrypt encrypted data. This attack highlights the growing threat of ransomware on cloud platforms and emphasizes the need for organizations to implement strong security measures to protect their data."