RansomHouse Ransomware Hits Veren Inc., Ex-Crescent Point Energy

Incident Date: August 2, 2024

Overview

Title: RansomHouse Ransomware Hits Veren Inc., Ex-Crescent Point Energy
Victim: Veren Inc and Crescent Point Energy
Attacker: RansomHouse
Location: Calgary, Canada
First Reported: August 2, 2024

RansomHouse Ransomware Attack on Veren Inc. and Crescent Point Energy

In a significant cybersecurity incident, the ransomware group RansomHouse has claimed responsibility for an attack on Veren Inc., formerly known as Crescent Point Energy Corp. The attack, which took place on April 23, 2024, has resulted in the encryption of critical company data and the exfiltration of approximately 400GB of sensitive information.

About Veren Inc.

Veren Inc., headquartered in Calgary, Alberta, is a prominent player in the North American oil and gas industry. The company, which rebranded from Crescent Point Energy Corp. in May 2024, focuses on the exploration and production of oil and gas, particularly in the Montney and Kaybob Duvernay regions of Alberta. With a workforce of approximately 777 employees, Veren Inc. has been actively restructuring its asset portfolio to concentrate on high-netback, liquids-rich assets. The company reported revenue of $2.4 billion and has been involved in significant acquisitions, including Shell Canada's Kaybob Duvernay assets and Spartan Delta Corp.'s Montney assets.

Attack Overview

The ransomware attack by RansomHouse on Veren Inc. has led to the encryption of the company's data and the theft of approximately 400GB of sensitive information. The attackers disclosed the breach on August 2, 2024, on their dark web leak site. The incident has garnered attention, with 142 views at the time of reporting. Although an evidence pack is available for download, the full data dump has not yet been released.

About RansomHouse

RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" aiming to "minimize the damage" and "bring conflicting parties together." However, its actions are still considered an extortion scheme. RansomHouse has been linked to collaboration with other ransomware groups like White Rabbit and Hive, using tactics such as exploiting vulnerabilities and maintaining a data leak site to pressure victims into paying.

Vulnerabilities and Penetration

Veren Inc.'s focus on high-value assets and significant acquisitions may have made it an attractive target for threat actors like RansomHouse. The group's ability to exploit vulnerabilities and gain access to corporate networks suggests that Veren Inc. may have had weaknesses in its cybersecurity defenses. The exact method of penetration remains unclear, but it is likely that RansomHouse exploited existing vulnerabilities within the company's network infrastructure to gain unauthorized access and exfiltrate data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.