Park'N Fly Data Breach by RansomHub Exposes 1 Million Customers

Incident Date:

September 5, 2024

Overview

Victim

Park'N Fly

Attacker

RansomHub

Location

Mississauga, Canada

First Reported

September 5, 2024

RansomHub Ransomware Attack on Park'N Fly

RansomHub, a notorious ransomware group, has claimed responsibility for a significant data breach at Park'N Fly, a leading provider of off-airport parking services in Canada. The breach, which occurred in July, was publicly disclosed by Park'N Fly on August 27. The compromised data includes contact information for 1 million customers, as well as Aeroplan and CAA numbers. Park'N Fly has assured its customers that no financial or payment card information was accessed during the breach, and that affected systems were restored within five days.

About Park'N Fly

Park'N Fly, founded in 1967, is a prominent provider of off-airport parking services, primarily catering to travelers seeking convenient and secure parking solutions near major airports. Headquartered in Mississauga, Ontario, the company operates in seven major markets across Canada, including Vancouver, Edmonton, Winnipeg, Toronto, Ottawa, Montreal, and Halifax. With over 50 years of experience, Park'N Fly has established itself as a leader in the industry, focusing on both valet and self-parking options. The company generated an annual revenue of around $41 million in 2024 and employs approximately 140 people.

Attack Overview

RansomHub's announcement on its leak site revealed that ransom negotiations with Park'N Fly were unsuccessful, prompting the group to attempt to sell the stolen data to a third party. Although Park'N Fly has not officially confirmed RansomHub’s involvement, no other group has claimed responsibility for the breach. The specific ransom amount demanded and the method used to infiltrate Park'N Fly’s network have not been disclosed.

About RansomHub

RansomHub, a Ransomware-as-a-Service (RaaS) group, first appeared in February 2024. It quickly carved a place in the ransomware landscape by adopting a highly adaptable and aggressive affiliate model. The group is known for its speed and efficiency, using advanced data exfiltration techniques and intermittent encryption to minimize encryption time while maintaining impact. RansomHub targets large enterprises with valuable data and critical operations, focusing on sectors such as healthcare, financial services, and government.

Penetration Methods

RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group has also leveraged zero-day vulnerabilities. Once inside the network, they use tools like Mimikatz and PsExec for lateral movement and privilege escalation. Data is exfiltrated using tools like WinSCP and AWS S3 before files are encrypted with Curve25519-based encryption.
