Crezit Group Hit by RansomHub Ransomware Attack

Incident Date:

June 5, 2024


Overview


Victim

Crezit Group

Attacker

RansomHub

Location

Madrid, Spain


First Reported

June 5, 2024

RansomHub Group Executes Ransomware Attack on Crezit Group

Crezit Group Victimized by RansomHub Ransomware Group

Crezit Group, a financial technology company specializing in innovative credit solutions for underserved markets, has recently fallen victim to a ransomware attack orchestrated by the RansomHub ransomware group. The attackers claim to have exfiltrated 2.5 GB of sensitive data, including personally identifiable information (PII), customer data, and backups. The ransom payment deadline is set for June 15, 2024.

Attack Overview

The RansomHub ransomware group has emerged as a significant threat. Operating under a ransomware-as-a-service (RaaS) model, the group uses programs written in Golang and C++ that are compatible with multiple operating systems, such as Windows and Linux. Since its appearance in February 2024, RansomHub has been one of the most active ransomware groups, with numerous victims reported.

In the case of Crezit Group, the compromised data includes names, addresses, ID details, contact information, and possibly financial information. Although the ransomware group has not encrypted the data, it has threatened to publish the information if the ransom is not paid.

About Crezit Group

Crezit Group is dedicated to democratizing access to credit through advanced data analytics and machine learning algorithms. They focus on leveraging alternative data sources, such as social media activity and mobile phone usage, to build comprehensive credit profiles. This approach allows them to offer personalized credit products to individuals and small businesses often overlooked by traditional financial institutions.

Moreover, Crezit also emphasizes financial education and empowerment, providing tools and resources to help users understand and improve their financial health. Their partnerships with various financial institutions and fintech companies enable them to offer a wide range of financial products and services.

RansomHub Ransomware Group

RansomHub distinguishes itself by making claims and backing them up with data leaks. Believed to have roots in Russia, the group operates as a RaaS, with affiliates receiving 90% of the ransom money. Its ransomware strains are written in Golang, a trend in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions among the victims.

Additionally, the intrusion into Crezit Group's systems could have been facilitated by weaknesses in its cybersecurity infrastructure, potentially through phishing attacks or the exploitation of unpatched software vulnerabilities.
