RansomHub Hits Italian Tech Firm Poker S.p.A. in Major Ransomware Attack

Incident Date: September 2, 2024

Overview

Title: RansomHub Hits Italian Tech Firm Poker S.p.A. in Major Ransomware Attack
Victim: Poker S.p.A.
Attacker: RansomHub
Location: Cebrosa, Italy
First Reported: September 2, 2024

RansomHub Targets Poker S.p.A. in Devastating Ransomware Attack

In a recent cyberattack, the ransomware group RansomHub has claimed responsibility for compromising the systems of Poker S.p.A., an Italian company specializing in software development and consulting services. The attack, which resulted in the exfiltration of 7.00 GB of data, has put the company in a precarious position, with a ransom deadline set for September 10, 2024.

About Poker S.p.A.

Founded in 1980 and headquartered in Settimo Torinese, Piedmont, Poker S.p.A. is a notable player in the North-Western Italian technology sector. The company employs approximately 30 to 35 individuals and generates an annual revenue of around $5 million. Poker S.p.A. is renowned for its ERP solutions, including the Quasar-X system developed in partnership with Compuware during the 1990s. The company serves over 500 client companies, offering services such as software development, project consulting, CRM and ERP solutions, business intelligence, and cloud services.

Attack Overview

The ransomware attack on Poker S.p.A. was orchestrated by RansomHub, a Ransomware-as-a-Service (RaaS) group known for its aggressive and adaptable affiliate model. The group has a reputation for targeting high-value sectors and employs a combination of encryption and data exfiltration to maximize leverage in ransom demands. In this instance, RansomHub managed to exfiltrate 7.00 GB of sensitive data from Poker S.p.A., significantly disrupting their operations.

RansomHub's Modus Operandi

RansomHub distinguishes itself through its speed and efficiency, utilizing advanced encryption techniques and targeting a wide range of cross-platform systems. The group primarily gains initial access through phishing campaigns, vulnerability exploitation, and password spraying. Once inside, they conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. RansomHub's ransomware is known for its intermittent encryption, which minimizes encryption time while maintaining impact.

Vulnerabilities and Penetration

Poker S.p.A.'s extensive use of various technologies and platforms, including integrations with tools like Asterisk, Atlassian Jira, and Google AdWords, may have presented multiple attack vectors for RansomHub. The group's affiliates likely exploited unpatched vulnerabilities or used phishing to gain initial access. Given the company's reliance on Oracle databases and other critical systems, the attack underscores the importance of robust cybersecurity measures.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous and the most financially and informationally damaging cyber threat to businesses and organizations today.

The site’s data is generated from the hosting choices of real-world threat actors and from a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.