Extra Co Group Targeted by RansomHub in Ransomware Incident

Incident Date:

May 2, 2024

World map



Extra Co Group Targeted by RansomHub in Ransomware Incident


Extra Co Group of Companies




Sharjah, United Arab Emirates

, United Arab Emirates

First Reported

May 2, 2024

RansomHub Targets UAE-Based Extra Co Group in Ransomware Attack

Company Profile

Extra Co Group of Companies, established in 1979 and based in Sharjah, United Arab Emirates, is a leading industrial manufacturer known for its diverse product range including fiberglass composites, precast structures, and metal works. With a sprawling facility of 120,000 square meters, the company employs between 1,001 and 5,000 employees and reported an annual revenue of $17 million in 2023. Extra Co has expanded its reach globally, serving markets in the Middle East, Africa, Europe, and the United States, and holds numerous accreditations from globally recognized quality standards institutions.

Details of the Ransomware Attack

RansomHub, a relatively new ransomware group with suspected roots in Russia, has claimed responsibility for a cyberattack on Extra Co's operations. The attack targeted the company's website leading to the exfiltration of approximately 20 GB of data.

RansomHub's Modus Operandi

RansomHub operates under a Ransomware-as-a-Service (RaaS) model, with affiliates receiving 90% of the ransom proceeds. The group's ransomware strains are notably developed using Golang, a programming language that enhances the malware's robustness and evasion capabilities. This strategic choice suggests a sophisticated approach to bypassing conventional cybersecurity measures.

Potential Vulnerabilities and Entry Points

While the exact penetration methods used by RansomHub in this attack remain unclear, common entry points for such groups include phishing attacks, exploiting unpatched software vulnerabilities, or accessing weakly secured remote desktop protocols. Extra Co's extensive digital footprint and significant data repositories likely make it an attractive target for ransomware operators looking to leverage stolen data for ransom negotiations.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.