Blower-Dempsay Hit by RansomHub Ransomware: 679 GB Data at Risk

Incident Date: August 20, 2024

Overview

Victim: Blower-Dempsay Corporation

Attacker: RansomHub

Location: Santa Ana, California, USA

First Reported: August 20, 2024

RansomHub Ransomware Attack on Blower-Dempsay Corporation

Blower-Dempsay Corporation, a well-established packaging solutions provider based in Santa Ana, California, has recently fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 679 GB of sensitive data and have threatened to release it publicly within the next 6-7 days if their demands are not met.

About Blower-Dempsay Corporation

Founded in 1973, Blower-Dempsay Corporation is a family-owned business that started as a corrugated box sheet plant. Over the years, it has expanded its operations across four states in the Western United States. The company specializes in comprehensive packaging solutions, including concept development, planning, design, engineering, printing, manufacturing, and project management. Their diverse product offerings cater to industries such as food and beverage, consumer goods, and industrial sectors.

Blower-Dempsay is known for its innovative approach and commitment to customer satisfaction, combining the capabilities of a large corporation with the personalized service of a smaller business. The company employs between 51 and 200 people and emphasizes sustainability by using recyclable materials and sustainable adhesive solutions.

Attack Overview

The RansomHub ransomware group has claimed responsibility for the attack on Blower-Dempsay Corporation. The group has threatened to release the exfiltrated data if their ransom demands are not met, putting the company at significant risk of data exposure and operational disruptions. The attack highlights the vulnerabilities that even well-established companies face in the current cyber threat landscape.

About RansomHub

RansomHub is a relatively new player in the ransomware scene, believed to have roots in Russia. It operates as a Ransomware-as-a-Service (RaaS) group: affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. Their ransomware strains are written in Golang, a language gaining popularity in the ransomware world.

RansomHub distinguishes itself by making claims and backing them up with data leaks, adding credibility to their threats. How the attackers gained access to Blower-Dempsay's systems remains unclear, but common vectors include phishing emails, exploitation of unpatched vulnerabilities, and weak security protocols.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.