RansomHub Ransomware Attack Disrupts GarudaFood Operations, Data at Risk

Incident Date:

July 20, 2024

Overview

Victim

GarudaFood

Attacker

RansomHub

Location

Jakarta, Indonesia

First Reported

July 20, 2024

RansomHub Ransomware Attack on GarudaFood

Overview of the Attack

GarudaFood Putra Putri Jaya Tbk, a leading Indonesian food and beverage company, has been targeted by the ransomware group RansomHub. The attack has severely disrupted the company's operations, with production coming to a halt and sensitive data being exfiltrated. RansomHub has issued an ultimatum, demanding negotiations through their specified chat channel, failing which they threaten to release the stolen data publicly.

About GarudaFood

Founded in 1990, GarudaFood is one of Indonesia's largest food and beverage companies, with business activities dating back to 1979. The company operates under the Tudung Group and is headquartered in South Jakarta. GarudaFood's product portfolio includes snacks, chocolate, biscuits, and dairy items, marketed under well-known brands such as Garuda, Gery, Chocolatos, Clevo, Prochiz, Okky, and Mountea. The company exports to over 30 countries, primarily focusing on ASEAN nations and China. GarudaFood's commitment to innovation, quality, and customer satisfaction has earned it numerous awards, including the HR Excellence Award for Learning & Development and Knowledge Management in 2023.

RansomHub: The Ransomware Group

RansomHub is a relatively new player in the ransomware landscape, operating as a Ransomware-as-a-Service (RaaS) group. Believed to have roots in Russia, RansomHub's operations resemble traditional Russian ransomware setups. The group distinguishes itself by making claims and backing them up with data leaks. RansomHub's ransomware strains are written in Golang, a language gaining popularity in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions being among the notable victims.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, RansomHub likely exploited vulnerabilities within GarudaFood's network infrastructure. Common entry points for ransomware attacks include phishing emails, unpatched software, and weak network security protocols. Given GarudaFood's extensive digital transformation efforts and engagement with consumers through various channels, the company may have inadvertently exposed itself to cyber threats. The attack underscores the importance of robust cybersecurity measures, especially for companies with significant market presence and extensive digital operations.
