RansomHouse Ransomware Hits Czech Military Tech Firm VOP CZ

Incident Date:

September 3, 2024

Overview

Victim

VOP CZ

Attacker

RansomHouse

Location

Šenov u Nového Jičína, Czechia

First Reported

September 3, 2024

RansomHouse Ransomware Attack on VOP CZ: A Detailed Analysis

Overview of VOP CZ

VOP CZ, s.p., formally known as Vojenský opravárenský podnik, is a prominent Czech company specializing in the development, production, and servicing of military equipment and systems. Established in 1946, VOP CZ has evolved from a repair service for the Czechoslovak army into a key integrator and supplier of modern military technologies. The company primarily serves the Czech Armed Forces and international clients, focusing on the design, manufacturing, and modernization of military vehicles and equipment.

Company Profile

Based in Šenov u Nového Jičína, Czech Republic, VOP CZ employs 866 individuals and generates $165 million in revenue. The company is known for its expertise in armored military vehicles, including the final assembly of these vehicles tailored to customer specifications. VOP CZ adheres to stringent safety standards and possesses the necessary certifications for military technology production. The company has a rich history of executing significant military contracts, such as the modernization of BVP-1 vehicles for the Swedish Ministry of Defence and the production of PANDUR II infantry combat vehicles.

RansomHouse Ransomware Group

RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" and has been linked to collaborating with other ransomware groups like White Rabbit and Hive. RansomHouse targets a wide range of industries, with a focus on manufacturing, finance, and small businesses in North America and Europe.

Details of the Attack

On August 18, 2023, VOP CZ was targeted by RansomHouse. The attack, which encrypted data, is listed on the group's leak page, although specific details have been withheld. Screenshots of VOP CZ's military technology products and development processes were leaked with sensitive information redacted. The leak page listing was scraped on September 4, 2023.

Vulnerabilities and Penetration

VOP CZ's extensive involvement in military technology and its significant role in national defense make it a high-value target for threat actors. The company's reliance on advanced software solutions and its collaborations with academic institutions and industry partners may have introduced vulnerabilities that RansomHouse exploited. The ransomware group likely penetrated VOP CZ's systems by exploiting these vulnerabilities, stealing data, and leveraging their dark web leak site to pressure the company into paying a ransom.
