In-Depth Analysis of RZO's Ransomware Attack by Hunters International Group

Incident Date: July 15, 2024

Overview

Victim: RZO

Attacker: Hunters International

Location: New York, USA

First Reported: July 15, 2024

Ransomware Attack on RZO by Hunters: A Detailed Analysis

Overview of RZO

RZO, officially known as the Rascoff Zysblat Organization, is a multifaceted company based in New York City. Specializing in real estate investment and management, RZO focuses on property acquisition and development with an emphasis on innovative and sustainable practices. The company operates with a mission to identify and capitalize on unique investment opportunities within the real estate market, including residential, commercial, and mixed-use properties. RZO also provides advisory services, offering insights and strategies for other investors and stakeholders in the real estate sector. This dual focus on investment and advisory roles positions RZO as a significant player in the industry.

Details of the Ransomware Attack

On July 16, 2024, RZO discovered that it had fallen victim to a ransomware attack orchestrated by the threat actor group known as Hunters. The attack resulted in a significant data breach, with a leak size of 1.1TB. The incident has raised concerns about the security measures in place to protect sensitive information within the organization and the broader implications for the real estate sector. The attack has highlighted vulnerabilities in RZO's cybersecurity infrastructure, making it a target for sophisticated threat actors.

About Hunters Ransomware Group

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with samples of Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Impact

The exact method of penetration used by Hunters to infiltrate RZO's systems remains unclear. However, given the group's technical sophistication and operational strategies, it is likely that they employed advanced phishing techniques, exploiting vulnerabilities in RZO's network infrastructure. The attack has resulted in significant data breaches, financial losses, and reputational damage to RZO. The incident underscores the importance of robust cybersecurity measures to protect against evolving ransomware threats.
