RansomHub Ransomware Hits Djibouti Ports Authority: Key Details

Incident Date: August 28, 2024

Overview

Title: RansomHub Ransomware Hits Djibouti Ports Authority: Key Details
Victim: DPFZA
Attacker: RansomHub
Location: Djibouti, Djibouti
First Reported: August 28, 2024

RansomHub Ransomware Attack on Djibouti Ports & Free Zones Authority

On August 28, 2024, the Djibouti Ports & Free Zones Authority (DPFZA), operating under the domain "dpfza.gov.dj," was targeted by a ransomware attack orchestrated by the cybercriminal group RansomHub. This incident has raised significant concerns about the security of critical infrastructure in Djibouti, a country strategically positioned at the crossroads of major global shipping routes.

About Djibouti Ports & Free Zones Authority (DPFZA)

DPFZA is a governmental entity responsible for managing Djibouti's ports, free zones, and related infrastructure. Established in 2003, the authority plays a crucial role in promoting Djibouti as a strategic trade and logistics hub. DPFZA oversees the administration and operational management of facilities such as the Port of Djibouti and the Djibouti International Free Trade Zone (DIFTZ). The authority employs between 51 and 200 individuals, although some reports suggest the number could be as high as 1,000.

Strategic Importance and Vulnerabilities

DPFZA's strategic initiatives, including a $15 billion expansion program, aim to enhance infrastructure and position Djibouti as a key logistics and transport hub for Africa. The authority's critical role in facilitating international trade and logistics makes it a high-value target for cybercriminals. The reliance on digital systems for operations and the handling of sensitive data further expose DPFZA to ransomware attacks.

Attack Overview

The ransomware attack by RansomHub has potentially disrupted DPFZA's mission to establish Djibouti as a premier maritime and commercial hub in Africa. The specifics of the data leak, including its size, remain unknown. However, the attack poses significant risks to DPFZA's operations, potentially affecting the economic growth and regional connectivity facilitated by the authority.

About RansomHub

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024. The group is known for its aggressive affiliate model and double extortion tactics: it encrypts victims' data and also exfiltrates sensitive information for additional leverage in ransom demands. RansomHub's ransomware is optimized to encrypt large datasets quickly and targets multiple platforms, including Windows, Linux, and ESXi.

Penetration Methods

RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group has also leveraged zero-day vulnerabilities. Once inside the network, they conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The use of advanced data exfiltration techniques and intermittent encryption makes RansomHub a formidable threat to organizations worldwide.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site's data is generated based on the hosting choices of real-world threat actors and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.