RansomHub Ransomware Hits Italian Tourism Research Institute ISNART
Incident Date:
August 15, 2024
Overview
Title
RansomHub Ransomware Hits Italian Tourism Research Institute ISNART
Victim
Istituto Nazionale Ricerche Turistiche
Attacker
Ransomhub
Location
First Reported
August 15, 2024
RansomHub Claims Ransomware Attack on Istituto Nazionale Ricerche Turistiche
The ransomware group RansomHub has claimed responsibility for a cyberattack on the Istituto Nazionale Ricerche Turistiche (ISNART), a prominent Italian research institute specializing in tourism economics. The attack, which was announced on RansomHub's dark web leak site, reportedly involved the exfiltration of 10 GB of sensitive data from ISNART's systems. The cybercriminals have set a ransom deadline for August 18, 2023.
About ISNART
ISNART, officially registered as IS.NA.R.T. scpa, is headquartered in Rome and operates as a key player in the tourism research industry in Italy. The institute focuses on analyzing tourism trends, providing diagnostic tools for national tourist destinations, and conducting comprehensive studies to guide the local tourism economy. ISNART's ecosystem approach emphasizes the interconnectedness of various tourism stakeholders, making it a vital resource for both public and private entities in the sector.
ISNART's research includes periodic studies on the behaviors and preferences of Italian tourists, which are crucial for shaping strategies to attract and retain visitors. Additionally, the institute develops tools to assess the competitiveness of tourist destinations, supporting business growth and adaptation to market changes. Despite its significant role, specific details about the institute's size and revenue are not publicly disclosed.
Attack Overview
RansomHub claims to have infiltrated ISNART's systems and exfiltrated 10 GB of sensitive data. The group has set a ransom deadline, pressuring the institute to comply with their demands. The exact nature of the stolen data has not been disclosed, but it is likely to include valuable research and analysis critical to the tourism sector.
About RansomHub
RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. Their ransomware strains are written in Golang, a language gaining popularity in the ransomware world.
Potential Vulnerabilities
ISNART's focus on tourism research and data analysis makes it a valuable target for ransomware groups like RansomHub. The institute's extensive data on tourism trends, traveler behaviors, and destination competitiveness is likely to be of significant interest to cybercriminals. The attack highlights the vulnerabilities of research institutions in the face of sophisticated ransomware operations, emphasizing the need for enhanced cybersecurity measures.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.