RansomHouse Ransomware Attack on Hedbergs AB

Overview of the Victim: Hedbergs AB

Hedbergs Mekaniska AB, a Swedish company founded in 1949, specializes in providing construction and renovation services, selling building materials and tools, and offering consulting services for construction projects. With a strong legacy of technological ambition, the company has been a significant player in the construction sector, known for its innovative approach and strong partnerships with major companies like Ericsson and SAPA.

The company employs between 51 and 200 people and generates an annual revenue of approximately $19.2 million. Hedbergs AB has built a reputation for its technological advancements, being one of the first in Sweden to adopt CNC punching technology in the 1980s.

Details of the RansomHouse Attack

In May 2024, Hedbergs AB fell victim to a ransomware attack orchestrated by the RansomHouse group. Unlike traditional ransomware attacks that encrypt files, RansomHouse focuses on data exfiltration. The group claimed to have stolen around 300 GB of sensitive data from Hedbergs, including potentially critical business and customer information.

The attack was first detected on March 28, 2024, with the stolen data being used as leverage to demand a ransom. RansomHouse's modus operandi involves threatening to release the stolen data publicly if the ransom is not paid, adding pressure on the victim to comply with their demands.

RansomHouse: A Unique Ransomware Group

RansomHouse distinguishes itself from other ransomware groups by not encrypting the victim's data. Instead, they exfiltrate sensitive information and use it for extortion. The group emerged in late 2021 and has since been involved in several high-profile attacks, including breaches of organizations like the Saskatchewan Liquor and Gaming Authority (SLGA) and a major company in October 2023.

RansomHouse often collaborates with other ransomware groups such as White Rabbit and Hive. They communicate with their victims through a Tor-based chat room and data leak blog, demanding ransom payments in Bitcoin.

Potential Vulnerabilities and Attack Vector

The specifics of how RansomHouse penetrated Hedbergs AB's systems have not been disclosed. However, common vulnerabilities exploited by ransomware groups include weak passwords, outdated software, and insufficient network security measures. Companies like Hedbergs, with significant technological infrastructure, need robust cybersecurity protocols to protect against such sophisticated attacks.

Sources

• Detected: Hedbergs AB falls victim to the RansomHouse Ransomware - Marco Ramilli