RansomHub Hits JG Summit: 40,000 Computers Encrypted in Attack

Incident Date:

August 7, 2024

Overview

Victim

JG Summit Holdings

Attacker

RansomHub

Location

Pasig, Philippines

First Reported

August 7, 2024

RansomHub Targets JG Summit Holdings in Major Ransomware Attack

JG Summit Holdings, a leading Philippine conglomerate, has been targeted by the ransomware group RansomHub. The attack, which has encrypted data on over 40,000 computers, poses a significant threat to the company's diverse operations.

About JG Summit Holdings

Founded in November 1990, JG Summit Holdings, Inc. is one of the largest and most diversified conglomerates in the Philippines. The company operates across various sectors, including food and beverage, air transportation, real estate, banking, telecommunications, petrochemicals, and power generation. With a substantial market presence in the Philippines and international markets, JG Summit is a key player in the regional economy.

Attack Overview

RansomHub claims to have encrypted data on over 40,000 computers within JG Summit's network. The attackers have warned of potential further attacks if their demands are not met. JG Summit has activated response protocols and implemented enhanced security measures. Despite the severity of the situation, the company says its business units continue to operate normally while it works closely with cybersecurity experts to investigate the incident.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, and is known for using ransomware strains written in Golang, a trend in the ransomware world.

Potential Vulnerabilities

Given JG Summit's extensive and diverse operations, the company is a lucrative target for ransomware groups. The conglomerate's large network and significant data assets make it vulnerable to sophisticated cyberattacks. The use of Golang by RansomHub indicates a strategic approach to bypass traditional security measures, potentially exploiting vulnerabilities in JG Summit's cybersecurity infrastructure.

Response and Mitigation

JG Summit has not disclosed specific details about the data breach but remains committed to data protection and maintaining stakeholder trust. The company is working closely with cybersecurity experts to mitigate the impact of the attack and prevent future incidents. RansomHub's threat of additional encryption or data destruction underscores the critical need for enhanced cybersecurity measures.
