RansomHouse Ransomware Attack on Hedbergs AB

Incident Date: May 22, 2024

Overview

Victim: Hedbergs

Attacker: RansomHouse

Location: Habo, Sweden

First Reported: May 22, 2024

Overview of the Victim: Hedbergs AB

Hedbergs Mekaniska AB, a Swedish company founded in 1949, specializes in providing construction and renovation services, selling building materials and tools, and offering consulting services for construction projects. With a strong legacy of technological ambition, the company has been a significant player in the construction sector, known for its innovative approach and strong partnerships with major companies like Ericsson and SAPA.

The company employs between 51 and 200 people and generates an annual revenue of approximately $19.2 million. Hedbergs AB has built a reputation for its technological advancements, being one of the first in Sweden to adopt CNC punching technology in the 1980s.

Details of the RansomHouse Attack

In May 2024, Hedbergs AB fell victim to a ransomware attack orchestrated by the RansomHouse group. Unlike traditional ransomware attacks that encrypt files, RansomHouse focuses on data exfiltration. The group claimed to have stolen around 300 GB of sensitive data from Hedbergs, including potentially critical business and customer information.

The attack was first detected on March 28, 2024, with the stolen data being used as leverage to demand a ransom. RansomHouse's modus operandi involves threatening to release the stolen data publicly if the ransom is not paid, adding pressure on the victim to comply with their demands.

RansomHouse: A Unique Ransomware Group

RansomHouse distinguishes itself from other ransomware groups by not encrypting the victim's data. Instead, they exfiltrate sensitive information and use it for extortion. The group emerged in late 2021 and has since been involved in several high-profile attacks, including breaches of organizations like the Saskatchewan Liquor and Gaming Authority (SLGA) and a major company in October 2023.

RansomHouse often collaborates with other ransomware groups such as White Rabbit and Hive. They communicate with their victims through a Tor-based chat room and data leak blog, demanding ransom payments in Bitcoin.

Potential Vulnerabilities and Attack Vector

The specifics of how RansomHouse penetrated Hedbergs AB's systems have not been disclosed. However, common vulnerabilities exploited by ransomware groups include weak passwords, outdated software, and insufficient network security measures. Companies like Hedbergs, with significant technological infrastructure, need robust cybersecurity protocols to protect against such sophisticated attacks.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given how lucrative these attacks have been for threat actors so far, ransomware has become the most ubiquitous cyber threat to businesses and organizations today, and the most damaging in financial and informational terms.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.