Grant Associates Hit by RansomHub in Major Ransomware Attack
Incident Date:
August 30, 2024
Overview
Title
Grant Associates Hit by RansomHub in Major Ransomware Attack
Victim
Grant Associates
Attacker
Ransomhub
Location
First Reported
August 30, 2024
RansomHub Ransomware Group Targets Grant Associates in Major Cyberattack
Grant Associates, a renowned international landscape architecture firm based in the UK, has recently fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have infiltrated the company's systems, exfiltrating 400 GB of sensitive data. This breach underscores the escalating threat of cyberattacks on businesses across various sectors, including those traditionally perceived as less vulnerable.
About Grant Associates
Established in 1997, Grant Associates is a prominent landscape architecture practice known for its innovative and environmentally conscious design approaches. The firm operates from its headquarters in Bath, UK, with additional offices in Singapore. Grant Associates has a diverse portfolio that includes large-scale landmark projects and smaller, community-focused ventures. Their work is characterized by a deep understanding of human behavior, ecological science, and regenerative design principles, which they integrate with cutting-edge design technology to create spaces that promote well-being and biodiversity.
What Makes Grant Associates Stand Out
Grant Associates is distinguished by its philosophy of reconnecting people with nature through thoughtful and engaging landscape design. The firm emphasizes creating spaces that serve aesthetic purposes and foster a sense of identity and community. Their commitment to addressing contemporary challenges such as climate change and biodiversity loss is evident in their design strategies, which aim to create resilient and sustainable environments. Notable projects include the Sino-Singapore Friendship Park in Tianjin, China, and the acclaimed Gardens by the Bay in Singapore.
Attack Overview
The RansomHub ransomware group claims to have accessed 400 GB of sensitive data from Grant Associates. This breach poses significant risks to the firm's operations and client confidentiality. The attack highlights the vulnerabilities that even firms in the landscape architecture sector face, particularly those with valuable data and critical operations. The exact method of penetration remains unclear, but RansomHub is known for exploiting vulnerabilities in unpatched systems and using phishing campaigns to gain initial access.
About RansomHub
RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself in the ransomware landscape. The group adopts a highly adaptable and aggressive affiliate model, focusing on financial gain through double extortion—encrypting victims' data and exfiltrating sensitive information for additional leverage in ransom demands. RansomHub is known for its speed and efficiency, targeting large enterprises across various industries, including healthcare, financial services, and government.
Penetration Methods
RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group has also leveraged zero-day vulnerabilities. Once inside a network, they conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. RansomHub's ransomware is optimized to encrypt large datasets quickly, targeting a wide range of cross-platform systems, including Windows, Linux, and ESXi.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.