Extra Co Group Targeted by RansomHub in Ransomware Incident
Incident Date:
May 2, 2024
Overview
Title
Extra Co Group Targeted by RansomHub in Ransomware Incident
Victim
Extra Co Group of Companies
Attacker
Ransomhub
Location
First Reported
May 2, 2024
RansomHub Targets UAE-Based Extra Co Group in Ransomware Attack
Company Profile
Extra Co Group of Companies, established in 1979 and based in Sharjah, United Arab Emirates, is a leading industrial manufacturer known for its diverse product range including fiberglass composites, precast structures, and metal works. With a sprawling facility of 120,000 square meters, the company employs between 1,001 and 5,000 employees and reported an annual revenue of $17 million in 2023. Extra Co has expanded its reach globally, serving markets in the Middle East, Africa, Europe, and the United States, and holds numerous accreditations from globally recognized quality standards institutions.
Details of the Ransomware Attack
RansomHub, a relatively new ransomware group with suspected roots in Russia, has claimed responsibility for a cyberattack on Extra Co's operations. The attack targeted the company's website leading to the exfiltration of approximately 20 GB of data.
RansomHub's Modus Operandi
RansomHub operates under a Ransomware-as-a-Service (RaaS) model, with affiliates receiving 90% of the ransom proceeds. The group's ransomware strains are notably developed using Golang, a programming language that enhances the malware's robustness and evasion capabilities. This strategic choice suggests a sophisticated approach to bypassing conventional cybersecurity measures.
Potential Vulnerabilities and Entry Points
While the exact penetration methods used by RansomHub in this attack remain unclear, common entry points for such groups include phishing attacks, exploiting unpatched software vulnerabilities, or accessing weakly secured remote desktop protocols. Extra Co's extensive digital footprint and significant data repositories likely make it an attractive target for ransomware operators looking to leverage stolen data for ransom negotiations.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.