Handala Group's Ransomware Attack Compromises Zerto Security
Incident Date: June 23, 2024
Overview
Title: Handala Group's Ransomware Attack Compromises Zerto Security
Victim: Zerto Security
Attacker: Handala
Location:
First Reported: June 23, 2024
Ransomware Attack on Zerto Security by Handala Group
Company Profile: Zerto Security
Zerto, a Hewlett Packard Enterprise company, is a prominent player in the field of cloud data management and protection. Founded in 2009, Zerto specializes in providing disaster recovery solutions, data backup, and seamless workload mobility across various cloud platforms such as Microsoft Azure, AWS, and Google Cloud. With over 9,500 customers worldwide and generating more than $300 million in revenue, Zerto is recognized for its innovative approach in simplifying complex data protection challenges and ensuring minimal downtime and data loss.
Details of the Attack
The Handala ransomware group, known for its politically motivated cyberattacks, has recently targeted Zerto, claiming to have compromised 51 terabytes of data. The attack was not only significant in terms of the volume of data affected but also notable for its overt political messaging. Handala described Zerto as a "Zionist cybersecurity company," critiquing its security capabilities and its affiliations. This breach has led to substantial data loss and has raised questions about the robustness of Zerto's cybersecurity measures.
Profile of the Handala Ransomware Group
Handala is a cybercriminal organization with a history of targeting Israeli institutions and their affiliates, driven by a pro-Palestinian agenda. The group employs sophisticated phishing campaigns and multi-stage loading processes for its attacks, often resulting in significant data breaches and operational disruptions for the targeted entities. Handala's tactics include the use of obfuscated scripts and shellcode to evade detection, showcasing their advanced capabilities in cyber warfare.
Potential Vulnerabilities and Entry Points
While the specific intrusion method has not been disclosed, it is plausible that Handala gained initial access to Zerto's network through phishing or other forms of social engineering, consistent with the group's known tactics. Given Zerto's role and scale in data protection, the breach underscores the need for continuous strengthening of security controls, especially against politically motivated groups like Handala.
Sources