RansomHub Ransomware Cripples Alabama Plate Cutting Company

Incident Date: August 26, 2024

Overview

Victim: Alabama Plate Cutting Co

Attacker: RansomHub

Location: Saginaw, USA; Alabama, USA

First Reported: August 26, 2024

RansomHub Ransomware Attack on Alabama Plate Cutting Company

Alabama Plate Cutting Company (APCCO), a key player in the steel plate processing industry, has been targeted by the notorious ransomware group RansomHub. The attack, which occurred on June 28th, has severely disrupted the company's operations, leading to significant data breaches and operational paralysis.

About Alabama Plate Cutting Company

Established in 1983 and located in Saginaw, Alabama, APCCO operates a 62,000 square foot manufacturing facility. The company specializes in various cutting and fabrication techniques, including laser cutting, plasma cutting, oxyfuel cutting, CNC machining, forming, and robotic welding. With a production capacity of approximately 60,000 parts per month, APCCO serves a diverse clientele across the Southeastern United States, including Alabama, Tennessee, Georgia, and Mississippi.

Attack Overview

The ransomware attack orchestrated by RansomHub has led to the encryption of all core servers and the deletion of backups, effectively crippling APCCO's digital infrastructure. The attackers also exfiltrated a full Oracle Database containing the company's ERP system, along with sensitive documents related to accounting, budget, HR, client, and personal information. Despite the severity of the breach, APCCO has remained silent, leaving stakeholders uncertain about the full extent of the damage.

About RansomHub

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024. Known for its aggressive affiliate model and double extortion tactics, the group has quickly become a formidable player in the ransomware landscape. RansomHub's ransomware is optimized for speed and efficiency, capable of encrypting large datasets across multiple platforms, including Windows, Linux, and ESXi.

Penetration and Vulnerabilities

RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. In the case of APCCO, the attackers likely exploited unpatched systems or used phishing to infiltrate the network. Once inside, they conducted multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The lack of robust cybersecurity measures and backup protocols made APCCO a vulnerable target.
