Hanwa Co Ltd Hit by Brain Cipher Ransomware Attack

Incident Date: September 22, 2024

Overview

Title: Hanwa Co Ltd Hit by Brain Cipher Ransomware Attack

Victim: Hanwa Co., Ltd.

Attacker: BrainCypher

Location: Gurugram, India

First Reported: September 22, 2024

Ransomware Attack on Hanwa Co., Ltd. by Brain Cipher

Hanwa Co., Ltd., a prominent Japanese trading company, has recently fallen victim to a ransomware attack orchestrated by the Brain Cipher ransomware group. This attack has significant implications for the company, which operates globally in sectors such as metals, food, petroleum, and chemicals.

Company Profile

Founded in 1947, Hanwa Co., Ltd. is headquartered in Osaka, Japan, with additional offices in Tokyo and various international locations. The company employs over 5,500 people and reported revenues of approximately ¥2.44 trillion (about $22 billion) as of the latest fiscal reports. Hanwa's operations are structured into several business segments, including steel, metal raw materials, food, petroleum, and chemicals. The company is known for its extensive global reach and diversified operations, making it a key player in various industries.

Attack Overview

On September 8, 2023, Brain Cipher announced on its darknet leak site that it had exfiltrated 800 gigabytes of data from Hanwa Co., Ltd. The ransomware group threatened to release the stolen data if the company did not comply with its ransom demands within seven days. To substantiate its claims, Brain Cipher shared sample documents dating from 2009 to 2020, including shipping insurance details, purchase agreements, and confidentiality contracts. Additionally, the group posted a screenshot of a directory containing over 704,000 files, encompassing financial, logistical, and human resources information.

About Brain Cipher

Brain Cipher ransomware emerged in early June 2024 and gained notoriety after a high-profile attack on Indonesia’s National Data Center. The group primarily uses phishing and spear phishing for initial access and relies on initial access brokers. Brain Cipher's payloads are based on LockBit 3.0; the ransomware encrypts files, appends a distinctive file extension, and demands a ransom payment for decryption. The group operates a TOR-based data leak site where it publishes information about companies that fail to protect personal data.

Potential Vulnerabilities

Hanwa Co., Ltd.'s extensive global operations and diverse business segments make it a lucrative target for ransomware groups like Brain Cipher. The company's reliance on digital systems for managing its vast array of products and services could have provided multiple entry points for the attackers. The use of phishing and spear phishing techniques by Brain Cipher suggests that human error and inadequate cybersecurity measures may have played a role in the breach.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.