RansomHub Cyberattack on PSG Banatski Dvor D.O.O.

Incident Date: May 30, 2024

Overview

Title: RansomHub Cyberattack on PSG Banatski Dvor D.O.O.

Victim: PSG Banatski Dvor D.O.O.

Attacker: RansomHub

Location: Novi Sad, Serbia

First Reported: May 30, 2024

Ransomware Attack on PSG Banatski Dvor D.O.O. by RansomHub

Company Profile

PSG Banatski Dvor D.O.O. is a gas storage services provider based in Serbia. The company is known for its underground gas storage facility, which has a maximum capacity of 450 million cubic meters and was built with an investment of around EUR 100 million.

Company Size

The exact size of PSG Banatski Dvor D.O.O. is not explicitly mentioned, but the company is inferred to be a significant player in the gas storage services sector in Serbia.

Company Standout

PSG Banatski Dvor D.O.O. is distinguished by its underground gas storage facility, a key asset in Serbia's gas storage services sector.

Company Vulnerabilities

The critical nature of PSG Banatski Dvor D.O.O.'s operations and the sensitive data it holds may have made it a target for threat actors like the RansomHub ransomware group. Potential vulnerabilities include inadequate cybersecurity measures, insufficient employee training on cybersecurity best practices, and possible weaknesses in its IT infrastructure.

Attack Overview

The RansomHub ransomware group launched a cyberattack on PSG Banatski Dvor D.O.O., exfiltrating approximately 80 GB of sensitive data. The stolen data encompassed critical files from various departments, including IT, Accounting, Finance, Projects, Client databases, Budgets, Taxes, Logistics, Production data, HR, Legal documents, KPIs, and R&D documents. Additionally, the attackers disabled the SCADA systems, causing significant operational disruptions.

Ransomware Group Profile

RansomHub operates as a Ransomware-as-a-Service (RaaS) group, distinguishing itself by making claims and backing them up with data leaks. Affiliates of the group receive 90% of the ransom money. RansomHub targets various countries and industries, including healthcare-related institutions, and its ransomware strains are written in Golang, a relatively new trend in the ransomware world.

Penetration of Company Systems

RansomHub likely penetrated PSG Banatski Dvor D.O.O.'s systems through phishing emails, exploitation of vulnerabilities in the company's network, or possibly insider threats. The group may have conducted reconnaissance to identify weaknesses in the company's cybersecurity defenses before launching the attack.
