RansomHub Ransomware Hits Regent Caravans: 30GB Data Stolen in Cyber Attack
Incident Date:
August 17, 2024
Overview
Title
RansomHub Ransomware Hits Regent Caravans: 30GB Data Stolen in Cyber Attack
Victim
Regent Caravans
Attacker
Ransomhub
Location
First Reported
August 17, 2024
RansomHub Ransomware Attack on Regent Caravans
Regent Caravans, a prominent Australian luxury caravan manufacturer, recently fell victim to a ransomware attack orchestrated by the notorious RansomHub group. The attack, which occurred in early August, resulted in the theft of 30 gigabytes of sensitive data, including CAD files, ordering details, and employee ID photos.
About Regent Caravans
Founded in Melbourne in 1991, Regent Caravans specializes in the design and manufacturing of luxury caravans tailored for the Australian market. The company employs over 100 people and is known for its high-quality caravans that blend traditional craftsmanship with modern technology. Their innovative construction methods, such as full composite sandwich panel construction, provide strength, durability, and insulation, making their products stand out in the industry.
Attack Overview
The ransomware attack by RansomHub led to the exposure of HR-related data and some financial records. Despite the data leak, Regent Caravans confirmed that their backups were secure and chose not to negotiate with the attackers. The company took immediate action by disconnecting its server and hiring external IT consultants to enhance its cybersecurity measures. Affected employees and customers were informed, and the incident was reported to the authorities.
About RansomHub
RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub distinguishes itself by making claims and backing them up with data leaks. The group’s ransomware strains are written in Golang, a trend that is becoming more common in the ransomware world. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is likely that RansomHub exploited vulnerabilities in Regent Caravans' network security. The use of Golang in their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures. The attack highlights the importance of strong cybersecurity practices, especially for companies handling sensitive data.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.