lockbit2 attacks rh-europe

Incident Date:

March 21, 2022


Overview

Title

lockbit2 attacks rh-europe

Victim

rh-europe

Attacker

Lockbit2

Location

New York, USA


First Reported

March 21, 2022

Ransomware Attack on Rh-Europe: A Cybersecurity Perspective

Company Overview

Rh-Europe is a manufacturer of complex hydraulic fittings (in the company's own French description, "fabricant de raccords hydrauliques complexes"). The company's website provides no information about its size or specific industry position, but it does mention that it personalizes choices based on different purposes and keeps these choices for six months.

Industry Standout

In the Retail sector, Rh-Europe stands out for its focus on hydraulic fittings, which are essential components in various industries, including construction, manufacturing, and transportation. The company's expertise in complex hydraulic fittings likely sets it apart from competitors, as it caters to a niche market with specific requirements.

Vulnerabilities

The ransomware attack on Rh-Europe highlights the company's cybersecurity vulnerabilities. Lockbit2, a known ransomware group, gained unauthorized entry into the company's protected environments, obtained execution privileges with the necessary permissions, prepared the payload for execution, and located and enumerated resources of interest. This sequence of events led to the encryption of files and databases, disrupting the company's operations.

Mitigation Strategies

To mitigate the risks of ransomware attacks, companies should focus on the following strategies:

  1. Preparation: Identify the computing resources and the security controls protecting those resources, and evaluate the adequacy of the implemented security controls to identify any existing gaps.
  2. Identification: Uncover signs of potential malicious activity within protected environments, and detect and block ransomware threats during early stages of infection.
  3. Containment: Prevent further propagation of the ransomware by isolating infected systems and disconnecting them from the network.
  4. Eradication: Ensure any traces of the ransomware infection are studied and removed. This includes sample extraction and digital forensics to derive Indicators of Compromise (IoCs) and TTPs, root-cause analysis to identify the source of the initial intrusion, and restoration of affected systems.

The ransomware attack on Rh-Europe serves as a reminder of the importance of robust cybersecurity measures in the Retail sector. Companies must be vigilant against threats like Lockbit2, which exploit vulnerabilities in unsecured Remote Desktop Protocol (RDP) services and gain access to login credentials through phishing campaigns or brute force attacks. By implementing a comprehensive cybersecurity strategy, companies can better protect their assets and maintain the integrity of their operations.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.