RansomHub Ransomware Hits Multi-Wing Group, Leaks 900GB of Data

Incident Date:

June 24, 2024

Overview

Victim

Multi-Wing Group

Attacker

RansomHub

Location

Vedbæk, Denmark

First Reported

June 24, 2024

RansomHub Ransomware Attack on Multi-Wing Group

Overview of the Attack

On June 25, 2024, the Multi-Wing Group, a prominent manufacturer of axial fans, was targeted by the RansomHub ransomware group. The attack resulted in a significant data leak, with approximately 900GB of sensitive information being exposed. This incident underscores the growing threat of ransomware attacks on the manufacturing sector, which is increasingly becoming a target for cybercriminals.

About Multi-Wing Group

The Multi-Wing Group is a global company specializing in the design, manufacture, and distribution of axial fans. These fans are utilized in various applications, including HVAC (Heating, Ventilation, and Air Conditioning), engine cooling, and industrial processes. Founded in 1938 and headquartered in Vedbæk, Denmark, the company employs over 560 professionals worldwide and operates 20 locations globally.

Multi-Wing Group is renowned for its expertise in creating customized axial fan solutions. The company employs advanced computational fluid dynamics (CFD) and other simulation tools to optimize the aerodynamic properties of its fan blades. This ensures that its products deliver the required airflow and pressure while minimizing noise and energy consumption. The company's commitment to high-quality materials and precision manufacturing processes further distinguishes it in the industry.

Vulnerabilities and Targeting

As a global leader in the manufacturing sector, Multi-Wing Group's extensive network of production facilities and sales offices makes it a lucrative target for ransomware groups. The company's reliance on advanced technologies and the need for high precision and consistency in manufacturing processes mean that any disruption can have significant operational and financial impacts. This makes the company particularly vulnerable to ransomware attacks, which can exploit weaknesses in cybersecurity measures to gain access to sensitive data and systems.

Details of the Ransomware Group

RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub allows affiliates to carry out attacks, with 90% of the ransom money going to the affiliates and the remaining 10% to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern.

Penetration of Multi-Wing Group's Systems

While the exact method of penetration in the Multi-Wing Group attack has not been disclosed, it is likely that RansomHub exploited vulnerabilities in the company's cybersecurity infrastructure. Common attack vectors include phishing emails, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials. Given the sophistication of RansomHub's operations and its use of Golang-based ransomware, it is plausible that the group employed a combination of these techniques to infiltrate Multi-Wing Group's systems and execute the ransomware attack.
