RansomHub Ransomware Hits Amplicon International: 313GB Data at Risk
Incident Date: August 7, 2024
Overview
Victim: Amplicon International
Attacker: RansomHub
Location:
First Reported: August 7, 2024
RansomHub Ransomware Attack on Amplicon International
Amplicon International, a UK-based leader in industrial computing and data communication solutions, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 313 GB of sensitive organizational data and have threatened to release it within 15 to 16 days if their demands are not met. This incident underscores the growing threat of ransomware attacks on critical industrial sectors.
About Amplicon International
Founded over 50 years ago, Amplicon International specializes in the design and manufacture of advanced technology solutions for various industrial applications. The company is renowned for its industrial computers, data acquisition systems, and EMC testing services. Amplicon’s commitment to quality is evidenced by its ISO 9001:2015 certification and compliance with WEEE and RoHS directives. The company’s products are widely used in sectors such as process control, factory automation, defense, and transportation.
Attack Overview
RansomHub, a relatively new ransomware group, has claimed responsibility for the attack on Amplicon International. The group has provided sample screenshots on their dark web portal to substantiate their claims. The attackers have indicated that they accessed a substantial amount of data, which they plan to publish if their ransom demands are not met. This attack highlights the vulnerabilities that even well-established companies face in the current cyber threat landscape.
RansomHub: A New Threat
RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving the majority of the ransom payments. The group is believed to have roots in Russia and has targeted various countries, including the US, Brazil, Indonesia, and Vietnam. RansomHub’s ransomware strains are written in Golang, a programming language that is becoming increasingly popular among cybercriminals. This choice of language may indicate a trend towards more sophisticated and harder-to-detect ransomware attacks.
Potential Vulnerabilities
While the specific method of penetration used by RansomHub in the Amplicon attack is not yet clear, common vulnerabilities in industrial sectors include outdated software, insufficient network segmentation, and inadequate employee training on cybersecurity best practices. Amplicon’s extensive network of distributors and its involvement in critical infrastructure sectors may have made it an attractive target for ransomware groups seeking to maximize their impact.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.