Tech hotspot Hong Kong reports ransomware attack exposing 400GB of data

Tech hub Cyberport is a prominent technology and innovation hub located in Hong Kong. It serves as a hub for nurturing and supporting technology startups and companies in their early stages. Cyberport provides access to capital, office facilities, and advanced technology resources.Cyberport plays a crucial role in the development of Hong Kong's tech industry by offering a platform for entrepreneurs and innovators to thrive.

Tech hub Cyberport has alerted police and Hong Kong’s privacy watchdog about a cybersecurity breach with a ransomware group reportedly claiming it has gained access to more than 400GB of its data and wants US$300,000 to return it.

The data, including bank account information and soft copies of ID cards was also being offered to other parties who could bid for access, with a reserve price set at US$300,000.

"If 1GB refers to one person, there are at least 400 victims,” said Anthony Lai Cheuk-tung, a malware analyst and security incident responder at Hong Kong-based cybersecurity firm VX Research.

The Police said they had passed the case to their cybersecurity and technology crime bureau for investigation and that no arrests had been made so far. The Office of the Privacy Commissioner for Personal Data on said it had received a data breach notification from Cyberport on August 18 and commenced a compliance check into the incident.

Cyberport had shut down the affected computer equipment and conducted a thorough investigation with the help of independent and external cybersecurity experts. It said it had reported the case to police, the Office of the Privacy Commissioner for Personal Data and relevant departments, adding that it would fully cooperate in the investigations. But the business park did not confirm the scale of the data breach.

Lai said the data included the personal information of Cyberport executives, such as soft copies of ID cards, CVs, bank account details and marriage certificates. A deadline was set on the dark web before the information would be made publicly available. Lai said Cyberport could have fallen victim to the attack in three ways; phishing emails, loopholes in its database and remote desktop access.

"It can only be done when the cybersecurity control is very loose and feeble,” he said. “I reckon Cyberport has not done its IT and cybersecurity auditing as it should be done. “If Cyberport decides not to pay the ransom, then it should download all the leaked data when it is exposed and compensate the victims and affected parties.”

Cyberport said it would strengthen its systems, notify affected parties and provide all necessary help, as well as set up a dedicated email to handle inquiries over the incident. The government-funded hub provides capital, office space and access to technology to help local start-ups in their early stages.