RansomHouse Ransomware Attack on Hedbergs AB
Incident Date: May 22, 2024
Overview
Victim: Hedbergs
Attacker: RansomHouse
First Reported: May 22, 2024
Overview of the Victim: Hedbergs AB
Hedbergs Mekaniska AB, a Swedish company founded in 1949, specializes in providing construction and renovation services, selling building materials and tools, and offering consulting services for construction projects. With a strong legacy of technological ambition, the company has been a significant player in the construction sector, known for its innovative approach and strong partnerships with major companies like Ericsson and SAPA.
The company employs between 51 and 200 people and generates an annual revenue of approximately $19.2 million. Hedbergs AB has built a reputation for its technological advancements, being one of the first in Sweden to adopt CNC punching technology in the 1980s.
Details of the RansomHouse Attack
In May 2024, Hedbergs AB fell victim to a ransomware attack orchestrated by the RansomHouse group. Unlike traditional ransomware attacks that encrypt files, RansomHouse focuses on data exfiltration. The group claimed to have stolen around 300 GB of sensitive data from Hedbergs, including potentially critical business and customer information.
The attack was first detected on March 28, 2024, with the stolen data being used as leverage to demand a ransom. RansomHouse's modus operandi involves threatening to release the stolen data publicly if the ransom is not paid, adding pressure on the victim to comply with their demands.
RansomHouse: A Unique Ransomware Group
RansomHouse distinguishes itself from other ransomware groups by not encrypting the victim's data. Instead, they exfiltrate sensitive information and use it for extortion. The group emerged in late 2021 and has since been involved in several high-profile attacks, including breaches of organizations like the Saskatchewan Liquor and Gaming Authority (SLGA) and a major company in October 2023.
RansomHouse often collaborates with other ransomware groups such as White Rabbit and Hive. They communicate with their victims through a Tor-based chat room and data leak blog, demanding ransom payments in Bitcoin.
Potential Vulnerabilities and Attack Vector
The specifics of how RansomHouse penetrated Hedbergs AB's systems have not been disclosed. However, common vulnerabilities exploited by ransomware groups include weak passwords, outdated software, and insufficient network security measures. Companies like Hedbergs, with significant technological infrastructure, need robust cybersecurity protocols to protect against such sophisticated attacks.