RansomHub Ransomware Hits Italian Animal Feed Producer Fusco S.r.l

Incident Date: June 27, 2024

Overview

Title: RansomHub Ransomware Hits Italian Animal Feed Producer Fusco S.r.l
Victim: Fusco S.r.l
Attacker: RansomHub
Location: Bellona, Italy
First Reported: June 27, 2024

RansomHub Ransomware Attack on Fusco S.r.l: A Detailed Analysis

Overview of Fusco S.r.l

Fusco S.r.l, operating under the brand name "Mangimi Fusco," is an Italian company based in Bellona, Caserta. Established in 1999, the company specializes in the production and distribution of high-quality, nutritionally balanced animal feed products. Their offerings cater to a variety of animals, including livestock, pets, and other domesticated animals. Fusco S.r.l employs a team of experts, including veterinarians and animal nutritionists, to ensure their products meet stringent nutritional standards.

The company is known for its commitment to using high-quality raw materials and advanced production techniques. They also place a strong emphasis on sustainability and environmental responsibility, adopting eco-friendly practices in their production processes. Fusco S.r.l's dedication to innovation and quality has made them a leading provider of animal feed products in their region.

Details of the Ransomware Attack

Recently, Fusco S.r.l fell victim to a ransomware attack orchestrated by the RansomHub group. The attackers compromised a significant amount of private and confidential data, including client documents, budgets, payroll, accounting records, contracts, tax information, IDs, and financial details. The ransomware group issued a demand for negotiations within three days, addressing a contact named Mike from mc-soft.it.

The attack was publicly claimed by RansomHub on their dark web leak site, where they threatened to release the stolen data if their demands were not met. This incident has raised serious concerns about the security measures in place at Fusco S.r.l and the potential impact on their operations and reputation.

About RansomHub

RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern.

RansomHub's ransomware strains are written in Golang, a programming language that has been gaining popularity in the ransomware world. This choice of language may indicate a trend towards more sophisticated and harder-to-detect ransomware attacks. The group has distinguished itself by making claims and backing them up with data leaks, adding credibility to their threats.

Potential Vulnerabilities and Penetration Methods

While the exact method of penetration used by RansomHub in the Fusco S.r.l attack is not publicly known, several common vulnerabilities could have been exploited. These include weak or reused passwords, unpatched software vulnerabilities, and phishing attacks targeting employees. Given the nature of Fusco S.r.l's business, which involves handling sensitive data such as client information and financial records, the company may have been an attractive target for ransomware groups seeking valuable data to leverage for ransom demands.

RansomHub's use of Golang for their ransomware strains suggests a level of sophistication that could bypass traditional security measures. This, combined with the group's aggressive tactics and the potential for significant financial gain, underscores the importance of robust cybersecurity practices for companies like Fusco S.r.l.
