RansomExx Ransomware Hits Planet Group International: Key Insights

Incident Date:

July 26, 2024

Overview

Victim

Planet Group International

Attacker

RansomExx

Location

Ataşehir, Turkey

First Reported

July 26, 2024

RansomExx Ransomware Attack on Planet Group International: A Detailed Analysis

Overview of Planet Group International

Planet Group International (PGI) is a technology-focused company with over 25 years of experience in delivering professional IT services across various sectors, including energy, oil and gas, finance, retail, and governmental services. PGI is known for its client-oriented approach, employing a highly qualified and internationally certified professional team to address complex challenges and provide tailored solutions. The company specializes in enterprise content management, project management, consulting, and document management solutions. With headquarters in Romania and additional offices across Europe, Africa, and the Middle East, PGI serves clients in the EMEA region effectively.

Details of the Ransomware Attack

On July 29, 2024, Planet Group International fell victim to a ransomware attack carried out by the RansomExx group. The breach resulted in a data leak of approximately 4.9 GB, compromising sensitive information and potentially impacting the company's operations and client trust. The attack underscores the growing ransomware threat to IT service providers and highlights the critical need for robust cybersecurity measures.

About RansomExx

RansomExx, initially known as "Defray," is a dangerous ransomware variant active since 2018. The group behind RansomExx, known as Sprite Spider, has a long history of deploying various malware tools to target organizations worldwide. RansomExx is notable for targeting both Windows and Linux environments and for employing a tactic known as "double extortion," where stolen data is published on the group's dark web leak site if the ransom is not paid. High-profile victims of RansomExx include the Texas Department of Transportation, Gigabyte, Hellmann Worldwide Logistics, and Ferrari.

Penetration and Impact

RansomExx employs sophisticated techniques to infiltrate and spread within target networks. These techniques include using compromised Remote Desktop Protocol (RDP) access, phishing campaigns, exploiting vulnerabilities, and leveraging tools like PyXie, Cobalt Strike, and Vatet for post-compromise activities. The attack on PGI likely exploited vulnerabilities in the company's network security, emphasizing the importance of maintaining strong credential hygiene and comprehensive incident response plans.
