RansomHub Ransomware Attack Disrupts INORDE's Economic Projects

Incident Date: September 5, 2024

Overview

Victim: Instituto Ourensano de Desarrollo Económico

Attacker: RansomHub

Location: Ourense, Spain

First Reported: September 5, 2024

RansomHub Targets Instituto Ourensano de Desarrollo Económico in Ransomware Attack

In a recent cyberattack, the ransomware group RansomHub has claimed responsibility for compromising the Instituto Ourensano de Desarrollo Económico (INORDE), a local administrative body in Ourense, Spain. INORDE, which operates under the Provincial Council of Ourense, focuses on promoting sustainable economic development in the region. The attack was announced on RansomHub's dark web leak site, raising concerns about the security of sensitive data managed by the institute.

About INORDE

INORDE is a public entity dedicated to fostering economic growth in Ourense. The institute manages projects funded by the European Union, targeting sectors such as tourism, agriculture, and entrepreneurship. INORDE supports local businesses, particularly in the agricultural sector, by promoting traditional practices and local products. Additionally, the institute organizes events to boost tourism, thereby stimulating local economic activity. INORDE's collaborative approach with local governments, businesses, and community organizations aims to create a resilient and sustainable economy.

Attack Overview

The ransomware attack on INORDE has potentially compromised critical systems and sensitive data. RansomHub, known for its aggressive double extortion tactics, encrypts victims' data and exfiltrates sensitive information to increase leverage in ransom demands. The attack on INORDE could disrupt ongoing projects and jeopardize the security of data related to local businesses and EU-funded initiatives.

RansomHub's Modus Operandi

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly gained notoriety for its adaptable and aggressive affiliate model. The group targets high-value sectors, including healthcare, financial services, and government. RansomHub affiliates use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. They then conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files.

Penetration and Impact

RansomHub's ransomware is optimized for speed and efficiency, capable of encrypting large datasets quickly across various platforms, including Windows, Linux, and ESXi. The group leverages vulnerabilities in unpatched systems and employs advanced data exfiltration techniques. INORDE's reliance on digital systems for project management and data storage made it a vulnerable target. The attack could severely impact the institute's operations, particularly its ability to manage EU-funded projects and support local businesses.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous cyber threat to businesses and organizations today, and the most damaging in both financial and informational terms.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.