ragnarlocker attacks GHI Hornos
Incident Date:
March 4, 2022
Overview
Title
ragnarlocker attacks GHI Hornos
Victim
GHI Hornos
Attacker
Ragnarlocker
Location
First Reported
March 4, 2022
GHI Hornos Suffers Ransomware Attack by Ragnarlocker Group
GHI Hornos, a leading manufacturer of industrial furnaces, has been targeted by the ransomware group Ragnarlocker, as reported on the dark web leak site. The company's operations, which include a focus on smart furnaces, plant solutions, and digitalization, are detailed on their official website.
With a history spanning over 80 years in the manufacturing sector and a global footprint that includes thousands of installations and clients across various sectors, GHI Hornos is recognized for its expertise in the fusion, treatment, and heating of metals, as well as the development of turnkey plant solutions. This positions them as a pivotal entity within the industry.
The specific vulnerabilities exploited in the ransomware attack on GHI Hornos have not been disclosed. However, it is widely acknowledged that ransomware attacks frequently leverage known vulnerabilities in public-facing systems, including but not limited to issues found in ZOHO ManageEngine, Microsoft Exchange Server, and vulnerabilities such as Citrix Bleed (CVE-2023-4966).
Ragnarlocker, a notorious ransomware group within the cyber threat landscape, has claimed responsibility for the attack on GHI Hornos. This incident underscores the persistent risks posed by cyber threats. The measures that GHI Hornos adopts in response to this attack, as well as their strategies to prevent future incidents, will be critical in safeguarding their operational continuity and the security of their clients' data.
Sources
- GHI Smart Furnaces. Retrieved April 10, 2024, from https://www.ghihornos.com
- Symantec Enterprise Blogs. (2023). "Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption." Retrieved April 10, 2024, from https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-attacks-exploits
- PrivTools. "Ransomware Posts - GitHub Pages." Retrieved April 10, 2024, from https://privtools.github.io/ransomposts/
- The No More Ransom Project. Retrieved April 10, 2024, from https://www.nomoreransom.org
- CISA. "Stop Ransomware - CISA." Retrieved April 10, 2024, from https://www.cisa.gov/stopransomware
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.