RansomHub Claims Ransomware Attack on GlowFM: Details and Implications

Incident Date: July 19, 2024

Victim: GlowFM

Attacker: RansomHub

Location: Eindhoven, Netherlands

First Reported: July 19, 2024

RansomHub Claims Ransomware Attack on GlowFM

Overview of the Attack

GlowFM, a local radio station based in Eindhoven, Netherlands, has been targeted by the ransomware group RansomHub. The attackers infiltrated GlowFM's systems, gaining access to all files and webmails. They encrypted and exfiltrated sensitive information from the company's servers. RansomHub is demanding a ransom payment, threatening to publicly leak all private documents, databases, webmails, and source code if their demands are not met. The compromised domains include www.glowfm.nl and glowfm.nl.

About GlowFM

GlowFM operates in the Media & Internet sector, primarily as a local radio station offering a diverse range of programming and services aimed at engaging the community and providing entertainment. Based in Eindhoven, the station broadcasts various music genres and hosts interactive shows that encourage listener participation. GlowFM is known for its commitment to community involvement, frequently organizing contests and giveaways, such as ticket promotions for local events and festivals. The station also provides news and updates relevant to the Eindhoven area, fostering a sense of community among listeners.

RansomHub: The Ransomware Group

RansomHub is a relatively new ransomware group in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. The group has targeted various countries without following a specific pattern, including the US, Brazil, Indonesia, and Vietnam. RansomHub's ransomware strains are written in Golang, a language choice that may indicate a trend in future ransomware development.

Potential Vulnerabilities

Vulnerabilities at GlowFM that RansomHub may have exploited include inadequate cybersecurity measures and potential lapses in employee training on phishing and other cyber threats. The station's commitment to community engagement and interactive programming, while beneficial for audience building, may also expose it to a higher risk of cyberattacks due to increased online interactions and data exchanges.

Penetration Methods

RansomHub could have penetrated GlowFM's systems through various methods, including phishing attacks, exploiting software vulnerabilities, or leveraging weak passwords. The group's use of Golang for their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures and making detection and mitigation more challenging.
