RansomHub Ransomware Hits John Kellys, 450GB Data Breached

Incident Date:

August 30, 2024

Overview

Victim

John Kellys

Attacker

RansomHub

Location

Melton Mowbray, United Kingdom

First Reported

August 30, 2024

RansomHub Ransomware Attack on John Kellys

On September 2, 2024, John Kellys (London) Ltd, a well-established supplier of essential oils and aromatic chemicals, fell victim to a ransomware attack orchestrated by the notorious RansomHub group. The attack resulted in a significant data breach, compromising approximately 450GB of sensitive information. This incident has raised serious concerns about data security and the potential impact on the company's operations and reputation.

About John Kellys (London) Ltd

John Kellys (London) Ltd is a private limited company specializing in essential oils and aromatic chemicals for the flavor and fragrance industry. With over 80 years of experience, the company has built a reputation for delivering quality products and exceptional customer service. John Kellys operates as a micro-enterprise with fewer than 10 employees and reports total assets of approximately £3.15 million. The company's logistical capabilities allow for rapid delivery, ensuring timely access to raw materials for its clients.

Attack Overview

The ransomware attack on John Kellys was discovered on September 2, 2024. The threat actor group RansomHub claimed responsibility for the attack, which led to the exfiltration of 450GB of sensitive data. The compromised information includes internal records, customer data, and potentially proprietary formulations. The attack has disrupted the company's operations and posed a significant threat to its reputation in the industry.

About RansomHub

RansomHub is a Ransomware-as-a-Service (RaaS) group that emerged in February 2024. Known for its aggressive affiliate model and double extortion tactics, RansomHub encrypts victims' data and exfiltrates sensitive information to increase leverage in ransom demands. The group targets high-value sectors such as healthcare, financial services, and government, exploiting vulnerabilities in unpatched systems and using sophisticated techniques for data exfiltration and encryption.

Penetration and Vulnerabilities

RansomHub likely penetrated John Kellys' systems through a combination of phishing campaigns and exploitation of unpatched vulnerabilities. The group's affiliates are known for using tools like Mimikatz and PsExec for lateral movement and privilege escalation. The ransomware employs Curve25519 elliptic curve encryption, making the encrypted data difficult to decrypt without paying the ransom. John Kellys' commitment to customer engagement and data protection, as outlined in their privacy policy, underscores the severity of this breach.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site's data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.