RansomHub Strikes Bitz Softwares: Major Data Breach and Ransom Threats

Incident Date:

June 24, 2024

Overview

Victim

Bitz Softwares

Attacker

RansomHub

Location

Pato Branco, Brazil

First Reported

June 24, 2024

RansomHub Ransomware Attack on Bitz Softwares

Overview of Bitz Softwares

Bitz Softwares is a Brazilian company based in Pato Branco, Paraná, specializing in the development and provision of software solutions tailored to meet the needs of various industries. The company focuses on creating innovative, efficient, and user-friendly software products that help businesses streamline their operations, improve productivity, and enhance overall performance. Its offerings include enterprise resource planning (ERP) systems, customer relationship management (CRM) software, and other specialized applications designed to integrate seamlessly with existing systems.

With a workforce of 51 to 200 employees, Bitz Softwares also provides custom software development services, working closely with clients to develop bespoke solutions that address specific challenges. The company places a strong emphasis on customer support, offering ongoing maintenance and support services to ensure optimal software performance.

Details of the Ransomware Attack

Bitz Softwares recently fell victim to a ransomware attack orchestrated by the RansomHub group. The attackers claimed to have stolen confidential data and crashed the company's network. They threatened to leak all the obtained files, databases, and credentials, which include sensitive information from customers and employees, unless contacted for negotiation. Additionally, RansomHub reported acquiring a substantial database of over 320,000 credit cards from more than 3,500 hotels, along with all associated customer information. They warned that if their demands were not met, they would leak half of the credit card data and sell the remaining information.

About RansomHub

RansomHub is a new ransomware group that has recently emerged in the cyber threat landscape, distinguishing itself by making claims and backing them up with data leaks. The group is believed to have roots in Russia, with operations resembling a traditional Russian ransomware setup. RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group.

The group has targeted various countries without following a specific pattern, including the US, Brazil, Indonesia, and Vietnam. Healthcare-related institutions are among the listed victims, with Change Healthcare being a notable target. RansomHub's ransomware strains are written in Golang, a relatively recent choice among ransomware developers that may indicate where ransomware development is heading.

Potential Vulnerabilities and Penetration Methods

While specific details on how RansomHub penetrated Bitz Softwares' systems are not publicly available, common vulnerabilities that ransomware groups exploit include weak or compromised passwords, unpatched software vulnerabilities, and phishing attacks. Given Bitz Softwares' focus on integrating their solutions with existing systems, any weaknesses in these integrations could have been exploited by the attackers. Additionally, the use of Golang by RansomHub suggests a sophisticated approach that may have bypassed traditional security measures.
