RansomHub Ransomware Hits French Engineering Firm IPH Ingénierie

Incident Date:

August 30, 2024

Overview

Victim

IPH Ingénierie

Attacker

RansomHub

Location

Lyon, France

First Reported

August 30, 2024

RansomHub Targets IPH Ingénierie in Devastating Ransomware Attack

IPH Ingénierie, a prominent French engineering firm, has recently fallen victim to a ransomware attack orchestrated by the notorious RansomHub group. The attack has resulted in the exfiltration of a significant amount of sensitive data, raising serious concerns about cybersecurity measures within the company.

About IPH Ingénierie

IPH Ingénierie is a multifaceted engineering firm based in La Vaupalière, Normandie, France. Specializing in various sectors including construction, mining, and environmental consultancy, the company employs around 50 professionals and generates an estimated annual revenue of approximately €5 million. The firm is particularly recognized for its expertise in collective housing, educational institutions, healthcare facilities, and public buildings. Their comprehensive approach integrates fluid mechanics, structural engineering, civil engineering, and construction economics, making them a notable player in the French engineering sector.

Attack Overview

The ransomware attack on IPH Ingénierie was claimed by RansomHub via their dark web leak site. The attackers exfiltrated a significant amount of sensitive data, including directories such as "BH Agence_Lyon," which contains an archive PST file, and "BH Commercial," which includes subdirectories like "Direction" and "DOSSIERS_INTER_AGENCES." Additionally, the "Outlook" directory with "SauvesQL" files and a tree structure labeled "IPH_HARLY.6¢" were also accessed and exfiltrated. This breach underscores the critical need for enhanced cybersecurity measures to protect against sophisticated ransomware threats.

About RansomHub

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself in the ransomware landscape. The group is known for its aggressive affiliate model and double extortion tactics, which involve encrypting victims' data and exfiltrating sensitive information for additional leverage in ransom demands. RansomHub's ransomware is optimized to encrypt large datasets quickly and targets a wide range of cross-platform systems, including Windows, Linux, and ESXi.

Penetration and Vulnerabilities

RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. In the case of IPH Ingénierie, the attackers likely exploited unpatched systems or leveraged zero-day vulnerabilities to penetrate the company's defenses. The group's advanced data exfiltration techniques and fast encryption processes make it a formidable threat to organizations worldwide.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.