Lopez Hnos Under Siege: A Closer Look at the Rhysida Ransomware Attack

Incident Date:

May 1, 2024

Overview

Victim

Lopez Hnos

Attacker

Rhysida

Location

Chaco, Argentina

First Reported

May 1, 2024

Rhysida Ransomware Attack on Lopez Hnos: An In-Depth Analysis

Company Profile

Lopez Hnos, an established name in the Argentine agricultural sector, specializes in the buying, selling, transporting, and processing of crops. Founded in 1992, the company has grown to employ over 130 professionals, focusing on customer service and adaptability in a dynamic market. Their operations are critical in supporting Argentina's agricultural framework, making them a significant player in the industry.

Details of the Cyberattack

The Rhysida Ransomware Group targeted Lopez Hnos through a sophisticated cyberattack, encrypting critical data and demanding a ransom of 5 BTC (approximately $290,000). The attack compromised financial data, personally identifiable information (PII), and other sensitive documents. The exact volume of data exfiltrated remains undisclosed, but a sample of the data was publicly leaked to substantiate the breach.

Rhysida Ransomware Group's Modus Operandi

Rhysida, a relatively new but aggressive player in the cybercrime arena, has targeted various sectors with its advanced ransomware coded in C++. The group is known for its double extortion technique, in which data is stolen before it is encrypted. This tactic pressures victims not only through data encryption but also through the threat of public data exposure if ransoms are not paid.

The ransomware is deployed via phishing campaigns and exploitation of Windows OS vulnerabilities, and the group often gains initial access through stolen credentials. Post-infiltration, Rhysida uses tools like PsExec for lateral movement within the network, scans for and encrypts files using the ChaCha20 algorithm, and leaves behind a ransom note titled “CriticalBreachDetected.pdf”.
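The two host-level artifacts named above, PsExec service installation and the ransom note filename, can be correlated per host for triage. The following is an added example, not part of the original report: the flattened JSON-lines layout, the `host` and `event_id` keys, the sample records, and the directory threshold are assumptions, while event ID 7045 (service installed) and Sysmon event ID 11 (file created) are the standard Windows sources for these signals.

```python
import json
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "criticalbreachdetected.pdf"  # ransom note name from the article
PSEXEC_SERVICE = "psexesvc"               # service PsExec installs by default
NOTE_DIR_THRESHOLD = 3                    # assumption: tune per environment

# Constructed sample: flattened JSON-lines export (layout is an assumption).
# 7045 = service installed (System log), 11 = Sysmon FileCreate.
SAMPLE_LOG = r'''
{"host":"FS01","event_id":7045,"ServiceName":"PSEXESVC"}
{"host":"FS01","event_id":11,"TargetFilename":"D:\\Finance\\CriticalBreachDetected.pdf"}
{"host":"FS01","event_id":11,"TargetFilename":"D:\\HR\\CriticalBreachDetected.pdf"}
{"host":"FS01","event_id":11,"TargetFilename":"D:\\Ops\\criticalbreachdetected.PDF"}
{"host":"WS07","event_id":7045,"ServiceName":"PSEXESVC"}
{"host":"WS09","event_id":11,"TargetFilename":"C:\\Users\\ana\\Downloads\\CriticalBreachDetected.pdf"}
{"host":"FS01","event_id":11,"TargetFilename":"D:\\Ops\\trunc
'''

def triage(log_text):
    """Return {host: verdict} from PsExec service installs and ransom-note drops."""
    psexec_hosts = set()
    note_dirs = defaultdict(set)  # host -> directories where the note appeared
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated record
        if not isinstance(ev, dict):
            continue
        host = ev.get("host", "unknown")
        if ev.get("event_id") == 7045:
            if str(ev.get("ServiceName", "")).lower() == PSEXEC_SERVICE:
                psexec_hosts.add(host)
        elif ev.get("event_id") == 11:
            path = PureWindowsPath(str(ev.get("TargetFilename", "")))
            if path.name.lower() == NOTE_NAME:
                note_dirs[host].add(str(path.parent).lower())
    verdicts = {}
    for host in psexec_hosts | set(note_dirs):
        spread = len(note_dirs.get(host, ())) >= NOTE_DIR_THRESHOLD
        if spread and host in psexec_hosts:
            verdicts[host] = "ransomware-likely"  # lateral tool + note in many dirs
        elif spread:
            verdicts[host] = "note-spread"
        else:
            verdicts[host] = "review"  # PsExec alone may be legitimate admin use
    return verdicts
```

Calling `triage(SAMPLE_LOG)` marks only FS01 as `ransomware-likely`; a lone PsExec service install or a single copy of the note is left at `review` so that routine administration does not page anyone.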

Potential Vulnerabilities at Lopez Hnos

The company's significant data volume, including sensitive financial and personal information, makes it an attractive target for ransomware attacks. The agricultural sector often underestimates cyber threat levels, potentially leading to less robust cybersecurity measures. Furthermore, the use of common IT infrastructure without adequate safeguards against phishing and credential theft may have left Lopez Hnos vulnerable to such a sophisticated attack.
