Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Anubis ransomware and engineering data exposure - what teams need to act on


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10141
Topic starter  

TL;DR: Envirogen Technologies reportedly suffered an Anubis ransomware intrusion involving about 3.6 terabytes of exfiltrated data and more than three million files, including engineering materials, employee records, customer information, and military-related projects, according to Gurucul. The incident shows how double extortion turns broad file access into operational, legal, and identity-risk exposure, especially where privileged access and internal directory structure are insufficiently controlled.

NHIMG editorial — based on content published by Gurucul covering the Envirogen Technologies ransomware incident: Threat Intelligence on Envirogen Technologies allegedly targeted by Anubis ransomware

By the numbers:

Questions worth separating out

Q: What fails when ransomware operators can reach too many internal repositories?

A: The failure is not only encryption.

Q: Why do engineering environments make ransomware more damaging?

A: Engineering environments often concentrate design files, project records, and internal operational material in repositories built for convenience.

Q: How can security teams tell whether ransomware exposure is becoming an identity issue?

A: Look for signs that one account or delegated process can reach multiple sensitive domains without strict justification.

Practitioner guidance

  • Map the reachable data surface for each privileged identity Build a list of which human, service, and delegated identities can reach engineering, HR, finance, customer, and project repositories.
  • Separate high-value repositories from broad internal access paths Segment engineering environments so design files, customer records, and employee documents are not reachable through the same trust boundary or shared group memberships.
  • Tie file access to a specific identity and session Ensure logs identify the exact account, process, and access path used to enumerate or export sensitive data, so responders can scope exfiltration quickly after an alert.

What's in the full article

Gurucul's full blog covers the incident detail this post intentionally leaves for the source:

  • The leaked data categories and sample screenshots that show what the attackers claim to have accessed
  • The threat actor's alleged leak-site messaging and how double extortion is being used to increase pressure
  • The vendor's incident-prevention recommendations for EDR, SIEM, MFA, least privilege, backups, and patching
  • The source article's breakdown of affected business functions, including engineering, HR, finance, and internal reporting

👉 Read Gurucul's analysis of the Envirogen Technologies ransomware incident →

Anubis ransomware and engineering data exposure - what teams need to act on?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9696
 

Double-extortion ransomware is now an identity governance problem, not just a malware problem. The reported Envirogen incident shows how quickly broad file access becomes business leverage once an attacker can enumerate internal repositories and sensitive folders. Encryption is only one part of the harm. The larger issue is that the compromised identity appears to have had enough reach to expose engineering, employee, and customer data at scale, which means the governance failure preceded the ransom note.

A few things that frame the scale:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
  • Another finding from our research shows that enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months.

A question worth separating out:

Q: Who is accountable when ransomware exposes employee and customer data?

A: Accountability usually spans security, infrastructure, data owners, and the teams that approved the access model. If sensitive data was reachable through excessive permissions or weak segregation, governance owners must explain why those boundaries existed. Regulatory exposure then depends on the data involved, the jurisdiction, and the organisation’s incident reporting obligations.

👉 Read our full editorial: Anubis ransomware targets Envirogen: engineering data and identity risk



   
ReplyQuote
Share: