RansomHub Ransomware Hits Thailand's AutoCorp Group Holding

Incident Date: July 26, 2024

Overview

Victim: AutoCorp Group Holding

Attacker: RansomHub

Location: Khon Kaen, Thailand

First Reported: July 26, 2024

RansomHub Ransomware Attack on AutoCorp Group Holding

Overview of AutoCorp Group Holding

AutoCorp Group Holding (ACG) is a significant player in Thailand's automotive industry, operating primarily through its subsidiaries Honda Maliwan Co., Ltd. and Autoclik by ACG Co., Ltd. The company, listed on the Stock Exchange of Thailand under the symbol ACG, focuses on automotive sales, service, and related businesses. With its headquarters in Khon Kaen, Thailand, ACG has established a robust market presence, boasting multiple branches and service centers across the country. As of the first quarter of 2024, ACG reported total revenue of approximately 435.91 million Baht, despite a 10.46% decrease from the previous year.

Details of the Ransomware Attack

The ransomware group RansomHub has claimed responsibility for a recent cyberattack on AutoCorp Group Holding. The attackers infiltrated ACG's digital infrastructure, gaining access to files and webmails associated with domains such as ach.co.th, autoclickfastfit.com, and hondamaliwan.com. RansomHub encrypted and exfiltrated sensitive data, including private documents, databases, webmails, and source code. The group is demanding a ransom to prevent the public release of this confidential information, threatening significant operational and reputational damage if ACG fails to comply.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. RansomHub's ransomware strains are written in Golang, a language choice that aligns with recent trends in the ransomware world.

Penetration and Vulnerabilities

RansomHub's ability to penetrate ACG's systems likely involved exploiting vulnerabilities in the company's digital infrastructure. The use of Golang for their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures. The attack highlights the importance of robust cybersecurity practices, especially for companies like ACG that handle sensitive customer and operational data.

Impact on AutoCorp Group Holding

The ransomware attack on ACG poses significant risks, including potential data leaks that could harm the company's reputation and operational capabilities. Given ACG's focus on customer satisfaction and high-quality service, the breach could undermine consumer trust and disrupt business operations. The company's emphasis on leveraging modern technologies and innovations for service efficiency underscores the critical need for enhanced cybersecurity measures to protect against such threats.
