RansomHub Claims 200GB Data Theft in Ransomware Attack on Clevo Co.

Incident Date:

June 12, 2024

Overview

Victim

Clevo Co.

Attacker

RansomHub

Location

New Taipei City, Taiwan

First Reported

June 12, 2024

RansomHub Claims Ransomware Attack on Clevo Co.

Overview of Clevo Co.

Clevo Co., established in 1983, is a Taiwanese company specializing in the design and manufacturing of high-performance notebook computers and related hardware. Operating as an Original Design Manufacturer (ODM), Clevo focuses on engineering and production, allowing its partners to handle marketing and sales. The company is known for its customizable and high-quality laptops, particularly in the gaming, professional, and enthusiast markets. Clevo reported a revenue of TWD 24.38 billion in 2022 and employs approximately 4,820 people.

Details of the Ransomware Attack

RansomHub, a ransomware group, has claimed responsibility for a cyberattack on Clevo Co. The group announced the attack on its dark web leak site, stating that it had stolen 200GB of data from Clevo's networks. RansomHub has given Clevo an eight-day countdown to negotiate and pay the ransom, threatening to publish the stolen data if its demands are not met. The group claims that the entire network and all backups have been fully encrypted.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. It operates as a Ransomware-as-a-Service (RaaS) group in which affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, and has previously been involved in publishing stolen data from UnitedHealth Group’s Change Healthcare hack. RansomHub's ransomware strains are written in Golang, a language gaining popularity in the ransomware world.

Potential Vulnerabilities

Clevo's extensive network and reliance on high-performance computing make it an attractive target for ransomware groups like RansomHub. The company's focus on engineering and production, while beneficial for innovation, may also present vulnerabilities in cybersecurity measures. The attack highlights the importance of robust cybersecurity protocols and the need for continuous monitoring and updating of security systems to protect against sophisticated cyber threats.
