RA World attacks Schwarz & Grantz Hamburg GmbH

Incident Date:

March 23, 2024

World map

Overview

Title

RA World attacks Schwarz & Grantz Hamburg GmbH

Victim

Schwarz & Grantz Hamburg GmbH

Attacker

Ra World

Location

Hamburg, Germany

, Germany

First Reported

March 23, 2024

RA World Ransomware Group Targets Schwarz & Grantz Hamburg GmbH

RA World ransomware group has attacked Schwarz & Grantz Hamburg GmbH, exfiltrating 300GB of data, including financial documents, business contracts, HR documents, and legal documents, among others. A deadline of 26 March has been given. Schwarz & Grantz has been in business for more than 50 years. It is one of the largest companies in technical building equipment and plant engineering in northern Germany.

Background of RA World Ransomware Group

RA World (previously the RA Group) ransomware gang has successfully breached entities around the globe since it first reared its ugly head in April 2023. This ransomware group operates by first exfiltrating victims' data, followed by deploying its encryption malware. The group behind it maintains both TOR and non-TOR websites for leaking stolen data. Moreover, the ransomware is programmed to eliminate Volume Shadow Copies and system backups, stopping any attempts at system recovery in their tracks.

Method of Operation

Specific details regarding the infection pathway utilized by the RA World are not available. However, it is unlikely to deviate significantly from methods employed by other ransomware collectives. Instances of RA World ransomware have been identified through submissions to a publicly accessible file scanning service originating from various countries, including the Netherlands, France, the United Kingdom, the Czech Republic, Poland, Colombia, and Japan.

Impact and Scope of the Attack

At present, the data leak sites associated with the ransomware name 23 victims distributed across several countries, including Germany, the UK, the US, Italy, Poland, India, Taiwan, Mexico, France, Thailand, and Korea.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.