Ransomware Attack on Confins Transportes by RansomHub

Victim Overview

Confins Transportes Ltda, a truck transportation company based in Betim, Minas Gerais, Brazil, was targeted by the ransomware group RansomHub. The company, known for its reliable and efficient truck transportation services, has between 51 and 200 employees. Confins is a pioneer in the field of truck transportation in Brazil, offering innovative and dependable services that set them apart in the industry.

Attack Details

RansomHub, a new ransomware group with roots in Russia, claimed responsibility for the attack on Confins Transportes. The victim's website was compromised, and it's reported that 500 GB of data was exfiltrated. However, there is no specific mention of a ransom demand in this case.

Ransomware Group Overview

The group distinguishes itself by making claims of attacks and backing them up with data leaks on the dark web. The group operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions among the victims.

Possible Penetration

The group's ransomware strains are written in Golang, a relatively new trend in the ransomware world. This language choice may indicate a shift towards future trends in ransomware attacks. The group could have penetrated Confins Transportes' systems through various means, including phishing emails, unpatched software vulnerabilities, or weak security protocols.

Sources:

• Dun & Bradstreet - Confins Transportes Ltda
• SocRadar - RansomHub