Polyco Healthline Hit by RansomHub Ransomware, PPE Supply at Risk

Incident Date:

August 28, 2024


Overview

Title

Polyco Healthline Hit by RansomHub Ransomware, PPE Supply at Risk

Victim

Polyco Healthline

Attacker

RansomHub

Location

Bourne, United Kingdom


First Reported

August 28, 2024

RansomHub Ransomware Attack on Polyco Healthline: A Critical Disruption in PPE Supply Chain

Polyco Healthline, a leading provider of personal protective equipment (PPE) and hygiene products, has become the latest victim of a ransomware attack orchestrated by the notorious cybercriminal group RansomHub. The attack has compromised the company's website, www.polycohealthline.com, potentially disrupting their operations and affecting their ability to deliver essential products to their diverse clientele.

About Polyco Healthline

Polyco Healthline, established through the merger of Polyco and HPC Healthline, is a prominent supplier of PPE and hygiene products in the UK market. The company specializes in a wide range of products, including reusable and disposable gloves, disposable workwear, infection control solutions, aprons, and bags. With a workforce of approximately 111 employees and an annual revenue of $50.1 million, Polyco Healthline is recognized for its commitment to innovation, sustainability, and customer service.

The company emphasizes operational excellence, providing comprehensive services that encompass sourcing, supply, storage, and delivery. Their dedicated technical team ensures that all products meet necessary safety and quality benchmarks, further solidifying their reputation as a trusted partner in workplace safety and hygiene.

RansomHub: A Formidable Ransomware Group

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself as a significant player in the ransomware landscape. Known for its aggressive affiliate model and double extortion tactics, RansomHub encrypts victims' data and exfiltrates sensitive information to increase leverage in ransom demands. The group has close ties with the now-defunct Knight ransomware group and affiliates from ALPHV/BlackCat.

RansomHub's ransomware is optimized for speed and efficiency, capable of encrypting large datasets quickly across various platforms, including Windows, Linux, and ESXi. The group employs advanced data exfiltration techniques and intermittent encryption to minimize encryption time while maintaining impact.
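Why intermittent encryption matters to defenders: a single whole-file entropy score, a common heuristic for spotting encrypted files after the fact, averages over the entire file and can miss one where only some blocks were overwritten. The script below is an added illustration, not code from the original report or from RansomHub's tooling; the 4 KiB chunk size, the two thresholds and the sample files are all assumptions constructed for the example. It scores entropy per chunk and separates untouched, fully encrypted and partially encrypted files, and shows that the whole-file score of the partially encrypted one stays below the "encrypted" threshold.

```python
import math
import random
from collections import Counter

# Assumed thresholds (not from the report): random or encrypted data approaches
# 8.0 bits/byte; text and most document formats sit well below 6.0.
CHUNK_SIZE = 4096
HIGH_ENTROPY = 7.5
LOW_ENTROPY = 6.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy of each consecutive chunk_size-byte slice of the file."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def classify(data: bytes) -> str:
    """Label a file as 'plain', 'encrypted' or 'intermittent'.

    'encrypted'   : every chunk looks random (whole file overwritten)
    'intermittent': some chunks look random while others still look like
                    ordinary content, the footprint left by intermittent encryption
    'plain'       : nothing looks random
    """
    ents = chunk_entropies(data)
    if not ents:
        return "plain"
    high = sum(1 for e in ents if e >= HIGH_ENTROPY)
    low = sum(1 for e in ents if e <= LOW_ENTROPY)
    if high == len(ents):
        return "encrypted"
    if high and low:
        return "intermittent"
    return "plain"


# ---- constructed sample files (8 chunks each), not real victim data -----------
_rng = random.Random(20240828)          # seeded so the samples are reproducible
_N = 8 * CHUNK_SIZE
PLAIN_SAMPLE = (b"Disposable nitrile gloves, size M, box of 100. " * 2000)[:_N]
ENCRYPTED_SAMPLE = _rng.randbytes(_N)   # stands in for a fully encrypted file
# every other chunk overwritten with random bytes: the intermittent pattern
INTERMITTENT_SAMPLE = b"".join(
    _rng.randbytes(CHUNK_SIZE) if i % 2 == 0 else PLAIN_SAMPLE[i * CHUNK_SIZE:(i + 1) * CHUNK_SIZE]
    for i in range(8)
)


def whole_file_check_misses_intermittent() -> bool:
    """A single entropy value for the whole file lands between the thresholds,
    so a whole-file check keyed on HIGH_ENTROPY would not flag it."""
    return shannon_entropy(INTERMITTENT_SAMPLE) < HIGH_ENTROPY


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE),
                         ("intermittent", INTERMITTENT_SAMPLE)):
        print(f"{name:13s} whole-file={shannon_entropy(sample):.2f} -> {classify(sample)}")
```

The per-chunk view is the point: a file that is half random and half ordinary content scores around 7 bits/byte overall, comfortably under a typical "encrypted" cut-off, yet its individual chunks alternate between the two extremes. Chunk size and thresholds should be tuned against a baseline of the organisation's own file types, since compressed formats (archives, images, PDFs with embedded streams) are legitimately high-entropy and will otherwise produce false positives.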

Attack Overview

The ransomware attack on Polyco Healthline underscores the growing threat of ransomware attacks on critical supply chains and essential service providers. The attack has compromised the company's website, potentially disrupting their ability to deliver essential PPE and hygiene products to businesses and homes across the UK and internationally.

RansomHub affiliates likely gained initial access through phishing campaigns, vulnerability exploitation, or password spraying. Once inside, they conducted network reconnaissance, escalated privileges, and exfiltrated data before encrypting files. The group's use of Curve25519 elliptic-curve cryptography, together with a modular architecture that allows rapid updates to evade detection, makes it a formidable threat to organizations worldwide.
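Of the three initial-access routes named above, password spraying is the one that per-account lockout counters are designed not to see: a few attempts against many accounts rather than many attempts against one. The detector below is an added example, not code from the original report or from any product; the log format, the five-minute window, the five-account threshold and the log lines themselves are constructed for the illustration. It groups authentication failures by source address and raises an alert only when one source fails against many distinct accounts inside the window, so a plain brute-force burst against a single account is left to the existing lockout logic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a real product's):
#   <ISO-8601 UTC timestamp> src=<ip> user=<account> result=OK|FAIL
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_line(line: str):
    """Return (timestamp, src, user, result) or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["user"], m["result"]


def detect_spray(lines, window: timedelta = timedelta(minutes=5), min_users: int = 5) -> dict:
    """Map each source address that failed against >= min_users distinct accounts
    inside any `window` to the set of accounts it tried.

    Brute force (many failures, one account) is deliberately not matched here:
    spraying is "few attempts per account, many accounts", which per-account
    lockout counters do not see.
    """
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    failures = defaultdict(list)            # src -> [(ts, user)] in time order
    for ts, src, user, result in events:
        if result == "FAIL":
            failures[src].append((ts, user))

    alerts = {}
    for src, fails in failures.items():
        for i, (start, _) in enumerate(fails):   # slide the window over each start point
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_users:
                alerts[src] = users
                break
    return alerts


# Constructed sample: one spraying host, one brute-forcing host, one mistyped password.
SAMPLE_LOG = """\
2024-08-28T09:00:01Z src=203.0.113.10 user=alice result=FAIL
2024-08-28T09:00:14Z src=203.0.113.10 user=bob result=FAIL
2024-08-28T09:00:27Z src=198.51.100.7 user=alice result=FAIL
2024-08-28T09:00:40Z src=203.0.113.10 user=carol result=FAIL
2024-08-28T09:00:53Z src=198.51.100.7 user=alice result=FAIL
2024-08-28T09:01:06Z src=203.0.113.10 user=dave result=FAIL
2024-08-28T09:01:19Z src=198.51.100.7 user=alice result=FAIL
2024-08-28T09:01:32Z src=203.0.113.10 user=erin result=FAIL
2024-08-28T09:01:45Z src=198.51.100.7 user=alice result=FAIL
2024-08-28T09:01:58Z src=203.0.113.10 user=frank result=FAIL
2024-08-28T09:02:11Z src=198.51.100.7 user=alice result=FAIL
2024-08-28T09:02:24Z src=192.0.2.5 user=grace result=FAIL
2024-08-28T09:02:37Z src=192.0.2.5 user=grace result=OK
"""


if __name__ == "__main__":
    for src, users in detect_spray(SAMPLE_LOG.splitlines()).items():
        print(f"possible password spray from {src}: {sorted(users)}")
```

On the sample, only 203.0.113.10 is reported: it touched six accounts in two minutes. 198.51.100.7 made the same number of failures but against one account, which is a lockout-policy matter, and 192.0.2.5 is a user who mistyped once. In production the source key should also cover shared egress addresses and rotating cloud IPs, which is why many teams key on user-agent or ASN as well as address.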

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.