RansomHub Ransomware Hits Major Dominican Hardware Distributor

Incident Date:

August 30, 2024

World map

Overview

Title

RansomHub Ransomware Hits Major Dominican Hardware Distributor

Victim

Ramón Corripio Ferreteria

Attacker

Ransomhub

Location

Santo Domingo, Dominican Republic

, Dominican Republic

First Reported

August 30, 2024

RansomHub Ransomware Attack on Ramón Corripio Ferretería

Ramón Corripio Ferretería, a prominent wholesale distributor in the Dominican Republic, has fallen victim to a ransomware attack orchestrated by the cybercriminal group RansomHub. The attack targeted the company's website, www.ramoncorripio.com, and has been ongoing for nearly a week.

Company Overview

Established in 1939 by Ramón Corripio García, Ramón Corripio Ferretería, officially known as Ramón Corripio Sucesores, S.A.S., is a key player in the construction sector. The company specializes in hardware, construction materials, and household items, offering over 12,000 products. With a client base of more than 2,200 customers and partnerships with over 80 brands, the company is a significant entity in the Dominican Republic's supply chain for construction and home improvement projects.

Attack Overview

The ransomware attack has been ongoing for 6 days, 19 hours, 12 minutes, and 40 seconds. During this period, the malicious actors accessed the site 70 times, compromising a total of 124 GB of data. The most recent activity was recorded on August 30th at 16:34:23. The extent of the data breach and its potential impact on business operations and customer information are currently under investigation.

About RansomHub

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024. Known for its aggressive affiliate model and double extortion tactics, the group encrypts victims' data and exfiltrates sensitive information to leverage ransom demands. RansomHub has quickly become a formidable player in the ransomware landscape, targeting high-value sectors such as healthcare, financial services, and government.

Penetration and Vulnerabilities

RansomHub is renowned for its speed and efficiency, utilizing phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group often exploits unpatched systems and zero-day vulnerabilities. In the case of Ramón Corripio Ferretería, the company's extensive digital footprint and the critical nature of its operations made it an attractive target for RansomHub's sophisticated attack methods.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.