Ransomware Attack on Pasco International by RA World

Ransomware group RA World has attacked Pasco International, exfiltrating 270GB of data and leaking a sample of financial documents, business contracts, design drawings, customer information, and more. A deadline of 26 March has been given.

Pascoe International has been building award-winning tenders for the world’s most iconic superyachts for 20 years. Each craft is tailored to meet the owner’s requirements whilst complimenting the style and detailing of the main yacht. Working with the owner’s team and their appointed designers, every effort is made to ensure that each tender represents the mothership at the dockside.

Background of RA World

RA World (previously the RA Group) ransomware gang has successfully breached entities around the globe since it first reared its ugly head in April 2023. This ransomware group operates by first exfiltrating victims' data, followed by deploying its encryption malware. The group behind it maintains both TOR and non-TOR websites for leaking stolen data. Moreover, the ransomware is programmed to eliminate Volume Shadow Copies and system backups, stopping any attempts at system recovery in their tracks.

Method of Operation

Specific details regarding the infection pathway utilized by the RA World are not available. However, it is unlikely to deviate significantly from methods employed by other ransomware collectives.

Instances of RA World ransomware have been identified through submissions to a publicly accessible file scanning service originating from various countries, including the Netherlands, France, the United Kingdom, the Czech Republic, Poland, Colombia, and Japan.

Impact of the Attack

At present, the data leak sites associated with the ransomware name 23 victims distributed across several countries, including Germany, the UK, the US, Italy, Poland, India, Taiwan, Mexico, France, Thailand, and Korea.