Jangho Group Hit by RansomHouse: 2.3 TB Data Breach Detailed Analysis

Incident Date: August 19, 2024

Overview

Victim: Jangho Group

Attacker: RansomHouse

Location: Beijing, China

First Reported: August 19, 2024

RansomHouse Ransomware Attack on Jangho Group: A Detailed Analysis

Jangho Group Co., Ltd., a leading multinational enterprise in the construction sector, has recently fallen victim to a ransomware attack orchestrated by the RansomHouse group. The attackers claim to have exfiltrated 2.3 TB of sensitive data, posing significant operational and reputational risks to the company.

About Jangho Group

Established in 1999 and headquartered in Beijing, Jangho Group specializes in facade solutions, particularly architectural curtain walls. The company integrates research and development, engineering design, precision manufacturing, installation, consultancy, and product export. Jangho Group is recognized as one of China's leading high-end curtain wall enterprises and has a substantial global presence with over 30 branches worldwide.

Jangho Group operates primarily in two sectors: building decoration and medical health. In the building decoration sector, it provides comprehensive solutions for curtain wall systems, serving a diverse range of clients, including office buildings, hotels, commercial complexes, airports, and railway stations. The company's technological foundation includes the only national enterprise technology center in China's curtain wall industry and the first internationally accredited CNAS export enterprise testing center.

Attack Overview

The RansomHouse ransomware group has claimed responsibility for the attack on Jangho Group, asserting that it has accessed and stolen 2.3 TB of the company's data. This breach exposes Jangho Group to potential data leaks, which could severely impact its business operations and reputation. The company, which reported total sales of approximately US$2.9 billion for the fiscal year 2023, now faces the daunting task of mitigating the fallout from this cyberattack.

About RansomHouse

RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files. Instead, it gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" aiming to "minimize the damage" and "bring conflicting parties together," although its actions are still considered an extortion scheme.

RansomHouse has been linked to collaboration with other ransomware groups such as White Rabbit and Hive. The group exploits vulnerabilities, steals data, and maintains a data leak site to pressure victims into paying. It targets a wide range of industries, focusing on manufacturing, finance, and small businesses in North America and Europe.

Potential Vulnerabilities

Jangho Group's extensive technological infrastructure, while a significant asset, also presents potential vulnerabilities that threat actors like RansomHouse can exploit. The company's reliance on advanced research and design centers, production bases, and a vast network of branches worldwide increases its exposure to cyber threats. The attack underscores the importance of effective cybersecurity measures to protect sensitive data and maintain operational integrity.
