RansomHub Hits Chile's Largest Family-Owned Winery in Major Cyberattack

Incident Date: August 30, 2024

Overview

Victim: Viña Luis Felipe Edwards
Attacker: RansomHub
Location: Nancagua, Chile
First Reported: August 30, 2024
RansomHub Targets Viña Luis Felipe Edwards in Ransomware Attack

Viña Luis Felipe Edwards, a prominent family-owned winery in Chile’s Colchagua Valley, has become the latest victim of a ransomware attack orchestrated by the cybercriminal group RansomHub. The attack, discovered on September 2, 2024, compromised the winery's website, lfewines.com, resulting in a significant data breach with a leak size of 178GB.

About Viña Luis Felipe Edwards

Established in 1976 by Luis Felipe Edwards Sr., Viña Luis Felipe Edwards (LFE Wines) is the largest family-owned wine company in Chile. The winery operates across 1,850 hectares of vineyards in several premier wine-growing regions. Known for its commitment to quality and innovation, LFE Wines produces a diverse range of wines, including Cabernet Sauvignon, Merlot, Carmenere, and Malbec. The company employs around 186 people and reports an estimated revenue of approximately $4 million.

Attack Overview

The ransomware attack on LFE Wines highlights the growing threat of cyberattacks on businesses of all sizes and sectors. RansomHub, a Ransomware-as-a-Service (RaaS) group, claimed responsibility for the attack via their dark web leak site. The group is known for its aggressive affiliate model and double extortion tactics, encrypting victims' data and exfiltrating sensitive information to leverage ransom demands.

RansomHub's Modus Operandi

RansomHub distinguishes itself with its speed and efficiency, targeting large enterprises with valuable data. The group uses a combination of phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. Once inside, its operators conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. RansomHub's ransomware is optimized to encrypt large datasets quickly, using Curve25519 elliptic-curve encryption to generate unique keys per victim.

Potential Vulnerabilities

Viña Luis Felipe Edwards, like many businesses, may have been vulnerable due to unpatched systems or inadequate cybersecurity measures. RansomHub affiliates often exploit known vulnerabilities in systems like Citrix ADC and FortiOS, and also leverage zero-day vulnerabilities. The winery's reliance on digital infrastructure for operations and global distribution makes it a lucrative target for ransomware groups seeking high-value data.

Impact and Implications

The ransomware attack on LFE Wines underscores the critical need for enhanced cybersecurity measures in the agriculture sector. As the winery navigates the aftermath of the breach, the incident serves as a stark reminder of the pervasive threat posed by sophisticated ransomware groups like RansomHub.
