RansomHub Claims Major Ransomware Attack on Overseas Shipholding Group
Incident Date: August 19, 2024
Overview
Title: RansomHub Claims Major Ransomware Attack on Overseas Shipholding Group
Victim: Overseas Shipholding Group
Attacker: RansomHub
Location:
First Reported: August 19, 2024
RansomHub Claims Ransomware Attack on Overseas Shipholding Group
About Overseas Shipholding Group
Founded in 1948 and headquartered in Tampa, Florida, Overseas Shipholding Group (OSG) operates a diverse fleet that includes Suezmax crude oil tankers, articulated tug-barge (ATB) units, and various types of medium-range (MR) tankers. The company specializes in the delivery of crude oil and petroleum products both within the United States and internationally. OSG's operations are primarily focused on U.S. flag markets, governed by the Jones Act, ensuring that only U.S.-built, U.S.-owned, and U.S.-crewed vessels operate in domestic waters.
OSG employs approximately 1,078 people and operates a fleet of 24 vessels. The company is known for its commitment to safety, environmental compliance, and high-quality service, positioning itself as a preferred carrier for major oil companies, refiners, and traders.
Attack Overview
The ransomware group RansomHub has claimed responsibility for the attack on OSG via their dark web leak site. The group alleges that they have exfiltrated over 1 TB of sensitive data from OSG's systems and have issued a threat to publish the data within the next few days if their demands are not met. The specifics of the ransom demand have not been disclosed.
About RansomHub
RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. The group operates as a Ransomware-as-a-Service (RaaS) entity, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare-related institutions.
RansomHub's ransomware strains are written in Golang, a language that is becoming increasingly popular among ransomware developers. This choice of programming language may indicate a trend towards more sophisticated and harder-to-detect ransomware attacks.
Potential Vulnerabilities
While the exact method RansomHub used to gain access in the OSG attack is not yet known, common entry points that ransomware groups exploit include unpatched software, weak passwords, and phishing attacks. Given OSG's extensive operations and reliance on digital systems for fleet management and logistics, any lapse in cybersecurity measures could have provided an entry point for the attackers.