NoEscape claims Australian Domain Name Administrator breached, later provides evidence
Take action: Not every breach claim is true. This one resulted in evidence of real data theft after 10 days, but there appears to be an ongoing effort by crime groups to extort more money by simply threatening, without any real evidence of a data breach.
The Windows ransomware group known as NoEscape claims to have successfully breached the website of the Australian Domain Name Administrator (auDA) on August 11.
auDA released a statement acknowledging the situation and has initiated an investigation to ascertain the veracity of the claims. Initially, no evidence of the data theft was available.
The NoEscape group claims to have stolen sensitive records like powers of attorney, legal documents with seals, passports, personal data, medical reports, financial documents, and much more.
Despite the claims, none of the accessed data has been publicly posted on any platform. Instead, NoEscape has demanded that auDA engage with them, presumably for ransom negotiations. This is part of an increasing trend of ransomware groups targeting organizations to simply extort money, even if they don't have concrete evidence to provide.
NoEscape's presence in the ransomware landscape is relatively recent, having first emerged in May 2023. The group operates using a ransomware-as-a-service model, which allows other criminals, known as affiliates, to utilize their tools and infrastructure for their own attacks. NoEscape differs from other groups in that it's creating its malware and infrastructure from scratch, avoiding any reliance on existing ransomware code.
Update - on 20th of August auDA confirmed that NoEscape provided some evidence of their claims: "Today, the cyber criminal has provided evidence of a small sample of data they say is in their possession. It includes screenshots of a file list from a computer."
NoEscape now threatens that if auDA doesn't engage in negotiations to pay a ransom, their next step will be to sell access to bank accounts with balances over $4k.
NoEscape has released four screenshots on its site, two of which appear to be listings of some of auDA's clients.