RansomHub Targets UAE-Based Extra Co Group in Ransomware Attack

Company Profile

Extra Co Group of Companies, established in 1979 and based in Sharjah, United Arab Emirates, is a leading industrial manufacturer known for its diverse product range including fiberglass composites, precast structures, and metal works. With a sprawling facility of 120,000 square meters, the company employs between 1,001 and 5,000 employees and reported an annual revenue of $17 million in 2023. Extra Co has expanded its reach globally, serving markets in the Middle East, Africa, Europe, and the United States, and holds numerous accreditations from globally recognized quality standards institutions.

Details of the Ransomware Attack

RansomHub, a relatively new ransomware group with suspected roots in Russia, has claimed responsibility for a cyberattack on Extra Co's operations. The attack targeted the company's website leading to the exfiltration of approximately 20 GB of data.

RansomHub's Modus Operandi

RansomHub operates under a Ransomware-as-a-Service (RaaS) model, with affiliates receiving 90% of the ransom proceeds. The group's ransomware strains are notably developed using Golang, a programming language that enhances the malware's robustness and evasion capabilities. This strategic choice suggests a sophisticated approach to bypassing conventional cybersecurity measures.

Potential Vulnerabilities and Entry Points

While the exact penetration methods used by RansomHub in this attack remain unclear, common entry points for such groups include phishing attacks, exploiting unpatched software vulnerabilities, or accessing weakly secured remote desktop protocols. Extra Co's extensive digital footprint and significant data repositories likely make it an attractive target for ransomware operators looking to leverage stolen data for ransom negotiations.

Sources

• RocketReach - Extra Co Group of Companies Profile
• LinkedIn - Extra Co
• LinkedIn IN - Extra Co Group
• ZoomInfo - Extra Co
• SOCRadar - Dark Web Profile RansomHub