RansomHub Ransomware Attack on Bench International Exposes 50GB of Sensitive Data

Incident Date:

July 16, 2024

World map

Overview

Title

RansomHub Ransomware Attack on Bench International Exposes 50GB of Sensitive Data

Victim

Bench International

Attacker

Ransomhub

Location

La Jolla, USA

California, USA

First Reported

July 16, 2024

RansomHub Targets Bench International in Ransomware Attack

Overview of the Attack

Bench International, a leading executive search firm in the life sciences and healthcare sectors, has been targeted by the ransomware group RansomHub. The cybercriminals claim to have accessed 50GB of sensitive data and have threatened to publish it within two days if their demands are not met. This breach underscores the increasing threat of ransomware attacks on prominent organizations.

About Bench International

Founded in 1974 and headquartered in La Jolla, California, Bench International is renowned for its expertise in executive search and leadership consulting within the life sciences and healthcare industries. The firm operates globally with offices in the United States, the United Kingdom, and Switzerland. Bench International is distinguished by its commitment to diversity, boasting a 33% placement rate of leaders from diverse backgrounds. The company has a strong track record with a 98% project completion rate and a 75% retention rate for leaders placed over five years.

Vulnerabilities and Impact

Bench International's extensive network and handling of sensitive client data make it a prime target for ransomware attacks. The breach could significantly impact the firm's operations and reputation, given its role in high-impact leadership placements and strategic advisory services. The potential exposure of confidential data could undermine client trust and lead to financial and legal repercussions.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries and industries, including healthcare. RansomHub's ransomware strains are written in Golang, a trend among recent ransomware strains, which may indicate a shift towards more sophisticated attacks.

Penetration Methods

While the exact method of penetration in the Bench International attack is not disclosed, RansomHub typically exploits vulnerabilities in corporate networks to gain access. The use of Golang in their ransomware strains suggests a focus on evading traditional security measures. The group's strategy of making claims and backing them up with data leaks adds pressure on victims to comply with ransom demands.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.