RansomHub Ransomware Breach Hits Castelli Group: 300GB Data Compromised

Incident Date: July 26, 2024

Overview

Victim: Castelli Group

Attacker: RansomHub

Location: Reggio nell'Emilia, Italy

First Reported: July 26, 2024

RansomHub Ransomware Attack on Castelli Group

Overview of the Attack

On July 29, 2024, Castelli Group, a diversified organization based in Perth, Western Australia, specializing in real estate development and property management, fell victim to a ransomware attack by the threat actor known as RansomHub. The attack resulted in a significant data breach, compromising approximately 300GB of sensitive information. This incident has raised serious concerns about data security and operational continuity for Castelli Group.

About Castelli Group

Castelli Group, established in 1999 by Sam Castelli, operates across multiple sectors, including property development, construction, wine production, and renewable energy. The company is known for its vertically integrated business model, which allows it to manage various stages of its operations efficiently. This model facilitates the capture of profits across different income streams and ensures a strong pipeline of quality projects. Castelli Group's commitment to quality and innovation has positioned it as a significant player in the Australian market.

RansomHub: The Ransomware Group

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. RansomHub's ransomware strains are written in Golang, a language choice that may indicate future trends in ransomware development.

Penetration and Vulnerabilities

While specific details on how RansomHub penetrated Castelli Group's systems are not publicly disclosed, common vulnerabilities exploited by ransomware groups include weak passwords, unpatched software, and phishing attacks. Given Castelli Group's diversified operations and significant data handling, the company may have been targeted due to potential gaps in cybersecurity measures across its various business sectors.

Impact and Response

The ransomware attack on Castelli Group has led to a substantial data breach, affecting the company's ability to maintain operational continuity. As the group works to assess the full impact and mitigate the damage, this incident underscores the critical importance of robust cybersecurity measures in protecting sensitive information and ensuring business resilience.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.