Ransomware Group: FUNKSEC

VICTIM NAME: ndc[.]energy[.]mn

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the FUNKSEC Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a data breach involving the National Dispatch Center (NDC) of Mongolia, as indicated by the extracted information. The page reveals a ransom demand of $10,000 and mentions the exfiltration of a significant amount of sensitive data, totaling approximately 1.3GB in CSV format from various MySQL database tables. The data includes tables related to organizational information, service users, electricity tariffs, and user feedback among others, which points towards critical operational details of Mongolia’s energy sector. The absence of specified compromise dates suggests that these activities are still under investigation. Unless otherwise noted, the date on the leak page is set to January 1, 2025, indicating a potential deadline for ransom negotiations.

The leak page outlines the key aspects of the NDC’s role in managing and coordinating the power grid in Mongolia. This includes technical monitoring and initiatives aimed at optimizing energy consumption. It notes the criticality of this information, as it affects the stable operation of the country’s electricity supply. A single image is included, depicting visual content related to the breach, likely showcasing internal documents or data structures without revealing any specific identifiers. Importantly, the leak does not provide any download links, although it highlights the presence of a database compromised during the breach. This incident draws attention to the vulnerabilities present within essential infrastructure sectors, emphasizing the need for robust cybersecurity measures.