Lago Group Hit by RansomHouse: 450GB Data Stolen in Cyber Attack
Incident Date:
July 26, 2024
Overview
Title
Lago Group Hit by RansomHouse: 450GB Data Stolen in Cyber Attack
Victim
Lago Group Spa
Attacker
Ransomhouse
Location
First Reported
July 26, 2024
RansomHouse Ransomware Attack on Lago Group S.p.A.
Overview of Lago Group S.p.A.
Lago Group S.p.A., established in 1968, is an Italian company renowned for its production of a diverse range of baked goods, primarily focusing on confectionery items such as cakes, biscuits, snacks, and wafers. The company emphasizes quality and tradition in its manufacturing processes, offering products that cater to various tastes and dietary needs, including sugar-free options. With annual revenues exceeding €50 million and a workforce of 303 employees, Lago Group has a significant presence in the Italian food industry and exports to more than 80 countries.
Details of the Ransomware Attack
On July 29, 2024, Lago Group S.p.A. fell victim to a ransomware attack orchestrated by the cybercriminal group RansomHouse. The breach led to the exfiltration of 450 GB of data from the company's systems. The specific nature of the compromised data and the full scope of the attack are still under investigation. As of now, details regarding any ransom demands or the actions taken by Lago Group in response to the attack have not been disclosed.
About RansomHouse
RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" aiming to "minimize the damage" and "bring conflicting parties together." However, their actions are still considered an extortion scheme that benefits only the group.
Potential Vulnerabilities and Penetration Methods
RansomHouse has been linked to collaborating with other ransomware groups like White Rabbit and Hive. They use tactics such as exploiting vulnerabilities, stealing data, and maintaining a data leak site to pressure victims into paying. The group has targeted a wide range of industries, with a focus on manufacturing, finance, and small businesses in North America and Europe. Lago Group's reliance on advanced technology alongside traditional craftsmanship may have presented vulnerabilities that RansomHouse exploited to gain access to their systems.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.