Cybersecurity Breach: The Impact of the Underground Team Ransomware on Frencken Group

Incident Date:

May 4, 2024

World map



Cybersecurity Breach: The Impact of the Underground Team Ransomware on Frencken Group


Frencken Group


Underground Team


Pulau Pinang, Malaysia

, Malaysia

First Reported

May 4, 2024

Ransomware Attack on Frencken Group by Underground Team

Company Profile: Frencken Group Limited

Frencken Group Limited, a prominent player in the global technology solutions market, is known for its extensive range of services and products across various industries. With a workforce of approximately 3,600 employees and a trailing twelve months revenue of SGD 742.86 million (over 550,000 USD), the company stands out due to its innovative approach in the fields of Mechatronics and Integrated Manufacturing Services (IMS). Frencken Group has a significant presence in Europe, Asia, and the US, enhancing its global footprint and operational capabilities.

The company's diverse offerings include precision engineering, program management, and integrated contract design and manufacturing services, catering to sectors such as automotive, healthcare, and industrial markets. This extensive integration of technology and global reach makes Frencken an essential partner for leading multinational corporations.

Details of the Ransomware Attack

The Underground Team, a notorious ransomware group, targeted Frencken Group, compromising their digital infrastructure. The attackers managed to exfiltrate a substantial amount of data, approximately 439.4 GB, from the company's systems. This data was subsequently leaked online, posing significant risks to the confidentiality and integrity of both the company and its clients.

Technical Overview of Underground Team Ransomware

The Underground Team ransomware is known for its robust 64-bit GUI-based application, which facilitates a range of malicious activities. These include the deletion of backups, modification of registry settings, and the disruption of critical services like MSSQLSERVER. The ransomware employs API functions to identify system volumes and deploys a ransom note across multiple system folders, initiating a comprehensive encryption protocol that strategically excludes certain filenames, extensions, and folders.

The primary infection vector for this ransomware is believed to be through sophisticated social engineering tactics. Phishing emails with malicious attachments or links to compromised websites are commonly used to deceive victims into initiating the ransomware. These emails are crafted to appear legitimate, thereby increasing the likelihood of user interaction with the harmful content.

Potential Vulnerabilities and Industry Impact

Frencken Group's extensive reliance on digital technology and global connectivity may have increased its vulnerability to cyber-attacks such as this. The integration of various technologies across multiple sectors and regions potentially opens up multiple vectors for cyber threats. Additionally, the company's high-profile collaborations with leading technology firms may make it an attractive target for ransomware attacks aiming to disrupt operations or extract valuable intellectual property.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.