RansomHub Ransomware Hits Bogotá's 8010 Urban Living

Incident Date: September 18, 2024


Overview

Victim: 8010 Urban Living

Attacker: RansomHub

Location: Bogotá, Colombia

First Reported: September 18, 2024

RansomHub Ransomware Group Targets 8010 Urban Living in Bogotá

8010 Urban Living, a premier luxury accommodation provider in Bogotá, Colombia, has fallen victim to a ransomware attack orchestrated by the notorious RansomHub group. The attackers claim to have exfiltrated 85 GB of sensitive data from the organization, threatening to publish the stolen information within a 14-15 day timeframe.

About 8010 Urban Living

8010 Urban Living specializes in providing luxury serviced apartments for short, medium, and long-term stays. Located in the vibrant Chapinero district, the establishment offers 21 meticulously designed apartments, ranging from one to two bedrooms. Each unit is equipped with modern amenities such as king-size beds, fully furnished kitchens, and private social areas. The company employs between 11 and 50 people and is known for its high-quality accommodations and comprehensive services, including 24-hour reception, housekeeping, and business meeting facilities.

Attack Overview

The ransomware attack on 8010 Urban Living was claimed by RansomHub, a Ransomware-as-a-Service (RaaS) group. The attackers have announced their intention to publish the stolen data, putting the company's confidential information at significant risk of exposure. The attack highlights the vulnerabilities in the hospitality sector, particularly for businesses that handle sensitive customer data and rely heavily on their online presence for operations.

About RansomHub

RansomHub emerged as a significant player in the ransomware landscape, known for its aggressive affiliate model and double extortion tactics. The group combines encryption with advanced data exfiltration techniques, making it a formidable threat. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group is also known for its speed and efficiency, encrypting large datasets quickly and targeting cross-platform systems.

Penetration Methods

RansomHub likely penetrated 8010 Urban Living's systems through a combination of phishing campaigns and exploiting unpatched vulnerabilities. The group's ransomware is optimized to encrypt large datasets quickly, and its affiliates are adept at conducting multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The use of tools like Mimikatz and PsExec for lateral movement and the exploitation of vulnerabilities such as CVE-2023-3519 and CVE-2020-1472 are common tactics employed by RansomHub.
