RansomHub Ransomware Hits Multi-Wing Group, Leaks 900GB of Data
RansomHub Ransomware Attack on Multi-Wing Group
Overview of the Attack
On June 25, 2024, the Multi-Wing Group, a prominent manufacturer of axial fans, was targeted by the RansomHub ransomware group. The attack resulted in a significant data leak, with approximately 900GB of sensitive information being exposed. This incident underscores the growing threat of ransomware attacks on the manufacturing sector, which is increasingly becoming a target for cybercriminals.
About Multi-Wing Group
The Multi-Wing Group is a global company specializing in the design, manufacture, and distribution of axial fans. These fans are utilized in various applications, including HVAC (Heating, Ventilation, and Air Conditioning), engine cooling, and industrial processes. Founded in 1938 and headquartered in Vedbæk, Denmark, the company employs over 560 professionals worldwide and operates 20 locations globally.
Multi-Wing Group is renowned for its expertise in creating customized axial fan solutions. The company employs advanced computational fluid dynamics (CFD) and other simulation tools to optimize the aerodynamic properties of its fan blades. This ensures that its products deliver the required airflow and pressure while minimizing noise and energy consumption. The company's commitment to high-quality materials and precision manufacturing processes further distinguishes it in the industry.
Vulnerabilities and Targeting
As a global leader in the manufacturing sector, Multi-Wing Group's extensive network of production facilities and sales offices makes it a lucrative target for ransomware groups. The company's reliance on advanced technologies and the need for high precision and consistency in manufacturing processes mean that any disruption can have significant operational and financial impacts. This makes the company particularly vulnerable to ransomware attacks, which can exploit weaknesses in cybersecurity measures to gain access to sensitive data and systems.
Details of the Ransomware Group
RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub allows affiliates to carry out attacks, with 90% of the ransom money going to the affiliates and the remaining 10% to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern.
Penetration of Multi-Wing Group's Systems
While the exact method of penetration in the Multi-Wing Group attack has not been disclosed, it is likely that RansomHub exploited vulnerabilities in the company's cybersecurity infrastructure. Common attack vectors include phishing emails, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials. Given the sophistication of RansomHub's operations and its use of Golang-based ransomware, it is plausible that the group employed a combination of these techniques to infiltrate Multi-Wing Group's systems and execute the ransomware attack.