RansomHub Strikes Confins Transportes

Incident Date:

May 16, 2024

World map

Overview

Title

RansomHub Strikes Confins Transportes

Victim

Confins Transportes

Attacker

Ransomhub

Location

Betim, Brazil

, Brazil

First Reported

May 16, 2024

Ransomware Attack on Confins Transportes by RansomHub

Victim Overview

Confins Transportes Ltda, a truck transportation company based in Betim, Minas Gerais, Brazil, was targeted by the ransomware group RansomHub. The company, known for its reliable and efficient truck transportation services, has between 51 and 200 employees. Confins is a pioneer in the field of truck transportation in Brazil, offering innovative and dependable services that set them apart in the industry.

Attack Details

RansomHub, a new ransomware group with roots in Russia, claimed responsibility for the attack on Confins Transportes. The victim's website was compromised, and it's reported that 500 GB of data was exfiltrated. However, there is no specific mention of a ransom demand in this case.

Ransomware Group Overview

The group distinguishes itself by making claims of attacks and backing them up with data leaks on the dark web. The group operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions among the victims.

Possible Penetration

The group's ransomware strains are written in Golang, a relatively new trend in the ransomware world. This language choice may indicate a shift towards future trends in ransomware attacks. The group could have penetrated Confins Transportes' systems through various means, including phishing emails, unpatched software vulnerabilities, or weak security protocols.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.