AVL Systems Design Hit by Major RansomHub Ransomware Attack

Incident Date: September 19, 2024

Overview

Victim: AVL Systems Design

Attacker: RansomHub

Location: Edmond, Oklahoma, USA

First Reported: September 19, 2024

RansomHub Ransomware Attack on AVL Systems Design

AVL Systems Design, a prominent audio, video, and lighting solutions provider based in Edmond, Oklahoma, has fallen victim to a ransomware attack by the notorious RansomHub group. The attackers claim to have exfiltrated 268 GB of sensitive data, including files related to accounting, current projects, QuickBooks, shared directories, and user information. RansomHub has threatened to publish the stolen data within the next 9-10 days, putting significant pressure on AVL Systems Design to respond swiftly.

About AVL Systems Design

Established in 2001, AVL Systems Design specializes in the design, installation, and service of advanced audio, video, and lighting (AVL) systems. The company operates across various sectors, including commercial spaces, performing arts centers, educational institutions, and houses of worship. With a workforce of approximately 15 employees and an estimated annual revenue of $5 million, AVL Systems Design has completed over 9,850 projects and received more than 53 awards for excellence in its field.

What sets AVL Systems Design apart is its commitment to integrating modern technologies for effective communication and collaboration. The company sources high-quality components from various manufacturers, ensuring that each system is both cost-effective and durable. Their focus on aesthetics and functionality makes them a standout player in the AVL industry.

Attack Overview

The ransomware attack on AVL Systems Design was executed by RansomHub, a Ransomware-as-a-Service (RaaS) group known for its aggressive affiliate model and double extortion tactics. The group has claimed responsibility for infiltrating AVL Systems Design's network and exfiltrating a substantial amount of sensitive data. The compromised data includes critical files related to accounting, ongoing projects, and user information, which could have severe implications for the company and its clients.

About RansomHub

RansomHub emerged as a significant player in the ransomware landscape by filling the void left by the disruption of other high-profile ransomware groups. The group is known for its speed and efficiency, employing advanced data exfiltration techniques and intermittent encryption to minimize encryption time while maintaining impact. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access to target networks.

Penetration and Vulnerabilities

RansomHub likely penetrated AVL Systems Design's systems through a combination of phishing campaigns and exploiting unpatched vulnerabilities. The group's affiliates are adept at conducting multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The use of advanced encryption techniques and modular architecture allows RansomHub to evade detection and deliver swift results, making them a formidable threat to organizations worldwide.
