RansomHub Claims Cyberattack on Kumagai Gumi, Exfiltrates 5TB of Sensitive Data

Incident Date:

July 20, 2024

World map

Overview

Title

RansomHub Claims Cyberattack on Kumagai Gumi, Exfiltrates 5TB of Sensitive Data

Victim

Kumagai Gumi Co., Ltd.

Attacker

Ransomhub

Location

Tokyo, Japan

, Japan

First Reported

July 20, 2024

RansomHub Claims Ransomware Attack on Kumagai Gumi Co., Ltd.

Overview of Kumagai Gumi Co., Ltd.

Kumagai Gumi Co., Ltd., established in 1898 and incorporated in 1938, is a leading Japanese construction company headquartered in Shinjuku, Tokyo. The company operates primarily in the construction and civil engineering sectors, offering services such as investigation, survey, planning, design, and supervision of construction projects. With a capital of ¥30.1 billion and approximately 2,635 employees, Kumagai Gumi is known for its significant infrastructure projects, including the Tokuyama Dam and the Seikan Tunnel. The company also emphasizes environmentally friendly practices and has a strong international presence, particularly in Taiwan.

Details of the Ransomware Attack

RansomHub, a relatively new ransomware group, has claimed responsibility for a cyberattack on Kumagai Gumi Co., Ltd. The group announced the breach on their dark web leak site, stating that they had infiltrated the company's network for an extended period. During this time, they exfiltrated over 5TB of sensitive data, including various documents and client information. The attackers have threatened to release this data publicly if their demands are not met, potentially causing significant reputational damage and legal repercussions for Kumagai Gumi.

About RansomHub

RansomHub is a ransomware group believed to have roots in Russia, operating as a Ransomware-as-a-Service (RaaS) entity. Affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub's ransomware strains are written in Golang, a relatively new trend in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare institutions.

Potential Vulnerabilities and Penetration Methods

Kumagai Gumi's extensive operations and significant data repositories make it an attractive target for ransomware groups like RansomHub. The company's involvement in high-profile infrastructure projects and international collaborations increases the potential impact of a data breach. RansomHub likely penetrated Kumagai Gumi's systems through common vulnerabilities such as phishing attacks, unpatched software, or weak network security protocols. The use of Golang in their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.