Bahia Principe Hotels Hit by Major RansomHub Ransomware Attack

Incident Date:

August 2, 2024

Overview

Victim

Bahia Principe Hotels & Resorts

Attacker

RansomHub

Location

Magaluf, Spain

First Reported

August 2, 2024

RansomHub Targets Bahia Principe Hotels & Resorts in Major Ransomware Attack

Bahia Principe Hotels & Resorts, a leading hospitality brand known for its all-inclusive vacation experiences across the Caribbean and Spain, has become the latest victim of a ransomware attack by the cybercriminal group RansomHub. The breach, discovered on August 5, has resulted in the exfiltration of approximately 1230GB of data, posing significant risks to the privacy and security of the company's operations and its clientele.

About Bahia Principe Hotels & Resorts

Bahia Principe Hotels & Resorts operates under Grupo Piñero, a well-established Spanish family business group. The company manages 27 establishments with over 14,000 guest rooms, categorized into Bahia Principe Sunlight, Bahia Principe Grand, Bahia Principe Luxury, and Bahia Principe Fantasia. These resorts are located in popular tourist destinations such as the Dominican Republic, Mexico's Riviera Maya, Jamaica, and Spain's Canary and Balearic Islands. The company is recognized for its luxurious offerings, unique culinary and leisure experiences, and excellent customer service.

Attack Overview

The ransomware attack was orchestrated by RansomHub, a relatively new but increasingly notorious ransomware group. The group has claimed responsibility for the breach on its dark web leak site, providing a sample of the stolen data as proof. The full extent of the leak remains unknown, but the exfiltrated data could include sensitive information about Bahia Principe's operations and its guests.

About RansomHub

RansomHub is believed to have roots in Russia and operates as a Ransomware-as-a-Service (RaaS) group. Affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. RansomHub's ransomware strains are written in Golang, a relatively recent choice among ransomware families that may indicate where future cyber threats are heading.

Potential Vulnerabilities

Bahia Principe Hotels & Resorts, like many large hospitality chains, handles vast amounts of sensitive data, including personal and financial information of its guests. This makes it an attractive target for ransomware groups like RansomHub. The integration of modern amenities and services with the resorts' natural environments may also introduce vulnerabilities in the company's IT infrastructure that sophisticated ransomware attacks could exploit.
