Handala Group's Ransomware Attack Compromises Zerto Security

Incident Date:

June 23, 2024

Overview

Title

Handala Group's Ransomware Attack Compromises Zerto Security

Victim

Zerto Security

Attacker

Handala

Location

Herzliya, Israel

First Reported

June 23, 2024

Ransomware Attack on Zerto Security by Handala Group

Company Profile: Zerto Security

Zerto, a Hewlett Packard Enterprise company, is a prominent player in the field of cloud data management and protection. Founded in 2009, Zerto specializes in providing disaster recovery solutions, data backup, and seamless workload mobility across various cloud platforms such as Microsoft Azure, AWS, and Google Cloud. With over 9,500 customers worldwide and generating more than $300 million in revenue, Zerto is recognized for its innovative approach in simplifying complex data protection challenges and ensuring minimal downtime and data loss.

Details of the Attack

The Handala ransomware group, known for its politically motivated cyberattacks, has recently targeted Zerto, claiming to have compromised 51 terabytes of data. The attack was not only significant in terms of the volume of data affected but also notable for its overt political messaging. Handala described Zerto as a "Zionist cybersecurity company," critiquing its security capabilities and its affiliations. This breach has led to substantial data loss and has raised questions about the robustness of Zerto's cybersecurity measures.

Profile of the Handala Ransomware Group

Handala is a cybercriminal organization with a history of targeting Israeli institutions and their affiliates, driven by a pro-Palestinian agenda. The group employs sophisticated phishing campaigns and multi-stage loading processes for its attacks, often resulting in significant data breaches and operational disruptions for the targeted entities. Handala's tactics include the use of obfuscated scripts and shellcode to evade detection, showcasing their advanced capabilities in cyber warfare.

Potential Vulnerabilities and Entry Points

While the specific methodology of the breach has not been disclosed, it is plausible that Handala gained access to Zerto's network through phishing or another form of social engineering, consistent with the group's documented tactics. Given Zerto's role and scale in data protection, the breach underscores the need for continuous improvement of security controls, particularly against politically motivated groups such as Handala.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.