RansomHub Ransomware Hits Performance Controls Inc, Exfiltrates 500GB Data

Incident Date: September 4, 2024

Overview

Victim: Performance Controls, Inc. (PCI)

Attacker: RansomHub

Location: Montgomeryville, Pennsylvania, USA

First Reported: September 4, 2024

RansomHub Ransomware Attack on Performance Controls, Inc. (PCI)

Performance Controls, Inc. (PCI), a specialized engineering firm known for its advanced power control systems, has fallen victim to a ransomware attack by the RansomHub group. The attack, which has been claimed on RansomHub's dark web leak site, reportedly resulted in the exfiltration of 500 GB of sensitive data.

About Performance Controls, Inc. (PCI)

Founded in the early 1990s, PCI has been a pioneer in the design and manufacture of advanced power control systems, particularly gradient amplifiers, filters, and shim amplifiers for medical imaging applications such as MRI and NMR. The company is also known for its power supplies for magnet control in beam steering applications, which are essential in Proton Beam Therapy for cancer treatment. PCI's commitment to innovation is reflected in its development of fully digital architectures and dedicated software for gradient amplifier commissioning, tuning, troubleshooting, and remote diagnostics.

PCI operates in various sectors, including healthcare, aerospace, military, oil and gas, and manufacturing. The company is part of FUJIFILM Healthcare Americas Corporation, which has further expanded its reach and capabilities in the healthcare sector.

Attack Overview

The ransomware group RansomHub claims to have exfiltrated 500 GB of data from PCI, potentially compromising sensitive information related to its standard products and customized solutions. The attack shows that even highly specialized engineering firms are exposed to sophisticated cyber threats.

About RansomHub

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself as a formidable player in the ransomware landscape. The group is known for its aggressive affiliate model and double extortion tactics: it encrypts victims' data and also exfiltrates sensitive information for additional leverage in ransom demands. RansomHub's ransomware is optimized to encrypt large datasets quickly and targets multiple platforms, including Windows, Linux, and ESXi.

Penetration Methods

RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group has also leveraged zero-day vulnerabilities to infiltrate systems. Once inside, they conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The group's use of Curve25519 elliptic curve encryption and intermittent encryption techniques makes encryption fast and effective, which makes RansomHub a significant threat to organizations worldwide.
