RansomHouse Strikes Gantan Beauty Industry
Incident Date:
May 17, 2024
Overview
Title
RansomHouse Strikes Gantan Beauty Industry
Victim
Gantan Beauty Industry
Attacker
Ransomhouse
Location
First Reported
May 17, 2024
Ransomware Attack on Gantan Beauty Industry by RansomHouse
Victim Overview
A Japanese company specializing in metal roofing solutions, Gantan Beauty Industry, fell victim to a ransomware attack orchestrated by the cybercriminal group RansomHouse. The company has been a pioneer in the field for over 50 years, known for its innovative technology, commitment to environmental sustainability, and high-quality roofing products.
Company Profile
Gantan Beauty Industry focuses on developing environmentally friendly construction materials, including photovoltaic power generation roofs and natural lighting solutions. They are recognized for their advanced technology in metal roofing and their dedication to creating durable and sustainable roofing solutions.
Attack Overview
The ransomware attack on Gantan Beauty Industry resulted in the exfiltration of 400 GB of data by RansomHouse. The attackers successfully infiltrated the company's systems, although specific details about the ransom demand were not disclosed. A sample of the exfiltrated data was leaked as part of the aftermath of the attack.
Ransomware Group - RansomHouse
RansomHouse is a unique data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse focuses on stealing sensitive data from victims and threatening to publicly release it if a ransom is not paid. The group distinguishes itself by not encrypting the stolen data, making the attacks stealthier and potentially allowing for a longer dwell time before detection.
Penetration and Vulnerabilities
The ransomware group likely penetrated Gantan Beauty Industry's systems through vulnerabilities in their cybersecurity defenses. The company's high-profile status in the manufacturing sector and their valuable data on roofing solutions and patents made them an attractive target for threat actors. The lack of robust security measures may have facilitated the successful exfiltration of a significant amount of data by RansomHouse.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.