RansomHub attacks Cuevas Group

Incident Date:

April 16, 2024

World map

Overview

Title

RansomHub attacks Cuevas Group

Victim

Cuevas Group

Attacker

Ransomhub

Location

Valencia, Spain

Quatre Carreres, Spain

First Reported

April 16, 2024

The RansomHub Ransomware Group Compromises Grupo Cuevas

Overview

The RansomHub ransomware group has reportedly compromised Grupo Cuevas. 26 GB of data has allegedly been exfiltrated, and a ransom deadline of 24 April has been given.

Background

Grupo Cuevas has a long history, built over three centuries by four generations of the Cuevas family. It operates prominently in different sectors of food distribution and agri-food industry.

RansomHub Group

RansomHub is a relatively new ransomware-as-a-service operation whose darknet site features an Index page where all its victims are listed, as well as About and Contact pages. The group claims to be a team of hackers from around the world, motivated by one thing – financial gain. However, the gang does say that it does not allow attacks against certain targets, including CIS, Cuba, North Korea, and China. The group also lists a few general rules that it follows and rules for its affiliates. RansomHub does not allow non-profit organizations to be targeted or re-attacked; in other words, it prohibits follow-up attacks on victims who have already paid.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.