Crownlea Group Hit by Major Ransomware Attack from Hunters International
Incident Date:
July 29, 2024
Overview
Title
Crownlea Group Hit by Major Ransomware Attack from Hunters International
Victim
Crownlea Group
Attacker
Hunters International
Location
First Reported
July 29, 2024
Ransomware Attack on Crownlea Group by Hunters International
The Crownlea Group, a privately owned conglomerate based in the UK, has recently fallen victim to a ransomware attack orchestrated by the notorious ransomware group, Hunters International. This attack has resulted in a significant data breach, exposing sensitive information and jeopardizing the company's reputation.
About Crownlea Group
Established on November 25, 2002, Crownlea Group specializes in the manufacturing, importing, supplying, and distributing a diverse range of goods across various industries. The company operates multiple businesses under its umbrella, focusing on innovation and expansion. With a commitment to sustainability and environmental responsibility, Crownlea Group integrates these principles into its business practices and supply chain management. The company is headquartered in Leytonstone, London, and has a reported revenue of approximately $89 million.
Attack Overview
The ransomware attack was discovered on July 30, and it has led to a significant data breach involving 415.3GB of sensitive information. The leaked data includes passports and driving licenses from individuals across different countries. The attackers have publicly criticized Crownlea Group's CEO, Mr. Clinton Fisher, for refusing to negotiate, thereby exacerbating the severity of the incident. The breach has exposed 360,535 files, and the attackers have shared screenshots as proof of their access to Crownlea Group's networks.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group by law enforcement agencies. The group's ransomware code contains approximately 60% overlap with samples of Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in Crownlea Group's cybersecurity infrastructure. The group's techniques and operational strategies resemble those of the Hive ransomware, suggesting they have inherited or adapted Hive's encryption methods and tactics. The attack on Crownlea Group underscores the importance of vigilant cybersecurity practices, especially for companies operating in diverse and expansive sectors.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.