RansomHub Strikes Confins Transportes
Incident Date: May 16, 2024
Overview
Title: RansomHub Strikes Confins Transportes
Victim: Confins Transportes
Attacker: RansomHub
Location:
First Reported: May 16, 2024
Ransomware Attack on Confins Transportes by RansomHub
Victim Overview
Confins Transportes Ltda, a truck transportation company based in Betim, Minas Gerais, Brazil, was targeted by the ransomware group RansomHub. The company, known for its reliable and efficient truck transportation services, has between 51 and 200 employees. Confins is a pioneer in the field of truck transportation in Brazil, offering innovative and dependable services that set it apart in the industry.
Attack Details
RansomHub, a new ransomware group with roots in Russia, claimed responsibility for the attack on Confins Transportes. The victim's website was compromised, and it's reported that 500 GB of data was exfiltrated. However, there is no specific mention of a ransom demand in this case.
Ransomware Group Overview
RansomHub distinguishes itself by backing up its attack claims with data leaks on the dark web. It operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions among the victims.
Possible Penetration
The group's ransomware strains are written in Golang, a relatively new trend in the ransomware world. This language choice may indicate the direction of future ransomware development. The group could have penetrated Confins Transportes' systems through various means, including phishing emails, unpatched software vulnerabilities, or weak security protocols.