Erivan Gecom Inc. Targeted in Rhysida Ransomware Attack

Incident Date:

June 22, 2024

World map

Overview

Title

Erivan Gecom Inc. Targeted in Rhysida Ransomware Attack

Victim

Erivan Gecom Inc

Attacker

Rhysida

Location

Sainte-Julie, Canada

, Canada

First Reported

June 22, 2024

Ransomware Attack on Erivan Gecom Inc by Rhysida Group

Company Profile: Erivan Gecom Inc.

Erivan Gecom Inc., a Canadian engineering and construction company, has carved a niche in the telecommunications infrastructure sector. Founded in 1981 and transitioning into telecommunications in 1995 under Eric Lajeunesse, the company has been pivotal in adapting to the technological demands of the industry. With a workforce of 51-200 employees, Erivan Gecom stands out for its commitment to delivering high-quality telecommunications services and its ability to tailor solutions to client needs. Despite its robust market presence, the company's moderate size and industry significance make it a potential target for cybercriminals.

Details of the Ransomware Attack

On June 22, 2024, Erivan Gecom Inc. fell victim to a ransomware attack by the emerging cybercriminal group Rhysida. The attackers have threatened to release the company's sensitive data within a week unless a ransom is paid. This attack highlights the vulnerabilities even well-established firms face in the digital age, emphasizing the need for enhanced cybersecurity measures in the telecommunications sector.

Rhysida Ransomware Group

The Rhysida Ransomware Group, known for its sophisticated encryption methods and double extortion tactics, has been active since May 2023. Utilizing tools like PsExec for lateral movement and employing a combination of RSA and ChaCha20 encryption algorithms, Rhysida targets multiple sectors, with a particular focus on entities like Erivan Gecom Inc. that hold valuable data. The group's method of operation includes initial access through phishing, exploiting network vulnerabilities, or using compromised credentials, suggesting possible penetration vectors in the Erivan Gecom attack.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.