RansomHub Hits Spanish Environmental Firm Adantia in Major Attack

Incident Date: September 18, 2024

Overview

Victim: Adantia

Attacker: RansomHub

Location: Santiago de Compostela, Spain

First Reported: September 18, 2024

RansomHub Targets Adantia in Ransomware Attack

Adantia, a Spanish environmental consultancy specializing in water management, has become the latest victim of a ransomware attack orchestrated by the notorious RansomHub group. The attackers claim to have exfiltrated 27 GB of sensitive data from Adantia's systems and have set a ransom deadline for October 2, 2024.

About Adantia

Founded in 1993 and based in Santiago de Compostela, Galicia, Adantia SL is an independent consultancy with a workforce of 20 to 49 employees. The company focuses on environmental management, particularly the water cycle, and offers services such as watershed management, wastewater treatment plant audits, and environmental tax management. Adantia is also involved in creating thematic maps, conducting environmental assessments, and developing software solutions to support its operations. Its commitment to sustainable practices and compliance with European environmental standards makes it a key player in the sector.

Attack Overview

RansomHub, a Ransomware-as-a-Service (RaaS) group, has claimed responsibility for the attack on Adantia. The group has released samples of the stolen data on its dark web leak site to substantiate its claims. The attack highlights the vulnerabilities of small to medium-sized enterprises in the environmental sector, which often lack the necessary cybersecurity measures to fend off sophisticated cyber threats.

RansomHub's Modus Operandi

RansomHub emerged in February 2024 and quickly gained notoriety for its aggressive affiliate model and double extortion tactics. The group is known for its speed and efficiency, using advanced data exfiltration techniques and intermittent encryption to minimize detection. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. Once inside, they conduct network reconnaissance, escalate privileges, and exfiltrate data before encrypting files.

Penetration Methods

RansomHub likely exploited unpatched vulnerabilities or used phishing campaigns to penetrate Adantia's systems. The group's ransomware is optimized for cross-platform systems, including Windows, Linux, and ESXi, making it highly adaptable. Its use of tools like Mimikatz and PsExec for lateral movement, and of data exfiltration tools like WinSCP and Rclone, further complicates detection and mitigation efforts.
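As an added illustration (not part of the original report, and not based on telemetry from this incident), the sketch below triages Sysmon-style process-creation records for the four tools named above and raises severity when one host shows both a lateral-movement tool and an exfiltration tool. The record layout, hostnames, and matching patterns are assumptions made for the example.

```python
import re
from collections import defaultdict

# (tool, stage, pattern for Image/OriginalFileName, CommandLine pattern or None).
# Stages follow the article's grouping; patterns are illustrative assumptions.
RULES = [
    ("mimikatz", "lateral", r"mimikatz", r"sekurlsa::|lsadump::"),
    ("psexec", "lateral", r"psexe(c|svc)", None),
    ("winscp", "exfil", r"winscp", None),
    ("rclone", "exfil", r"rclone", r"\b(copy|sync)\s.+--(config|transfers)\b"),
]

def match_event(event):
    """Return (tool, stage) hits for one process-creation event."""
    names = f"{event.get('Image', '')} {event.get('OriginalFileName', '')}"
    cmd = event.get("CommandLine", "")
    hits = []
    for tool, stage, name_re, cmd_re in RULES:
        by_name = re.search(name_re, names, re.I)
        # Command-line markers still fire when the binary has been renamed.
        by_cmd = cmd_re and re.search(cmd_re, cmd, re.I)
        if by_name or by_cmd:
            hits.append((tool, stage))
    return hits

def triage(events):
    """Group hits per host; a host showing both stages is rated critical."""
    per_host = defaultdict(lambda: {"tools": set(), "stages": set()})
    for ev in events:
        for tool, stage in match_event(ev):
            per_host[ev["Computer"]]["tools"].add(tool)
            per_host[ev["Computer"]]["stages"].add(stage)
    return {
        host: {"tools": sorted(d["tools"]),
               "severity": "critical" if d["stages"] == {"lateral", "exfil"} else "high"}
        for host, d in per_host.items()
    }

# Constructed sample events (hypothetical hosts; not from the Adantia incident).
SAMPLE_EVENTS = [
    {"Computer": "FS01", "Image": r"C:\Windows\PSEXESVC.exe", "OriginalFileName": "psexesvc.exe", "CommandLine": r"C:\Windows\PSEXESVC.exe"},
    {"Computer": "FS01", "Image": r"C:\ProgramData\svc.exe", "OriginalFileName": "rclone.exe", "CommandLine": r"svc.exe copy D:\Shares remote:bucket --config r.conf --transfers 16"},
    {"Computer": "WS07", "Image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "OriginalFileName": "winscp.exe", "CommandLine": "WinSCP.exe"},
    {"Computer": "WS09", "Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_EVENTS).items():
        print(host, result)
```

WinSCP, PsExec, and Rclone are also legitimate administration tools, so hits need to be weighed against an allow-list of expected hosts and accounts.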

Impact on Adantia

The attack on Adantia underscores the growing threat of ransomware to critical sectors like environmental management. The exfiltration of 27 GB of sensitive data could have severe implications for the company's operations and reputation. As Adantia navigates this crisis, the incident serves as a stark reminder of the importance of effective cybersecurity measures in protecting valuable data and maintaining operational integrity.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.