In-Depth Analysis of RZO's Ransomware Attack by Hunters International Group
Incident Date: July 15, 2024
Overview
Victim: RZO
Attacker: Hunters International
Location:
First Reported: July 15, 2024
Ransomware Attack on RZO by Hunters: A Detailed Analysis
Overview of RZO
RZO, officially known as the Rascoff Zysblat Organization, is a multifaceted company based in New York City. Specializing in real estate investment and management, RZO focuses on property acquisition and development with an emphasis on innovative and sustainable practices. The company operates with a mission to identify and capitalize on unique investment opportunities within the real estate market, including residential, commercial, and mixed-use properties. RZO also provides advisory services, offering insights and strategies for other investors and stakeholders in the real estate sector. This dual focus on investment and advisory roles positions RZO as a significant player in the industry.
Details of the Ransomware Attack
On July 16, 2024, RZO discovered that it had fallen victim to a ransomware attack orchestrated by the threat actor group known as Hunters. The attack resulted in a significant data breach, with a leak size of 1.1TB. The incident has raised concerns about the security measures in place to protect sensitive information within the organization and the broader implications for the real estate sector. The attack has highlighted vulnerabilities in RZO's cybersecurity infrastructure, making it a target for sophisticated threat actors.
About Hunters Ransomware Group
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with samples of Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.
Penetration and Impact
The exact method of penetration used by Hunters to infiltrate RZO's systems remains unclear. However, given the group's technical sophistication and operational strategies, it is likely that they employed advanced phishing techniques, exploiting vulnerabilities in RZO's network infrastructure. The attack has resulted in significant data breaches, financial losses, and reputational damage to RZO. The incident underscores the importance of robust cybersecurity measures to protect against evolving ransomware threats.