RansomHub Strikes Okuant Limited: A Cybersecurity Threat

Incident Date:

May 16, 2024

World map

Overview

Title

RansomHub Strikes Okuant Limited: A Cybersecurity Threat

Victim

Okuant Limited

Attacker

Ransomhub

Location

Madrid, Spain

, Spain

First Reported

May 16, 2024

Ransomware Attack on Okuant Limited by RansomHub

Victim Overview

Okuant Limited, a real estate investment company based in Madrid, Spain, fell victim to a ransomware attack orchestrated by the cybercriminal group RansomHub. The company specializes in the acquisition and management of real estate portfolios, aiming to generate profitability for its clients in the Spanish real estate market.

Company Size and Standout Features

The company has a workforce of over 100 full-time employees and is known for its technology that enables real-time detection and valuation of investment opportunities. This, along with its market positioning and negotiation power, makes it a reliable option for investment procedures.

Attack Details

The ransomware attack on Okuant resulted in the exfiltration of 5 GB of data, including customers' and employees' information, financial data, and more. The attackers, RansomHub, did not disclose the specific ransom demand, but they leaked a sample of the compromised data as part of the attack's consequences.

Ransomware Group - RansomHub

RansomHub is a new ransomware group known for making claims and backing them up with data leaks. The group operates as a Ransomware-as-a-Service (RaaS) entity, with affiliates receiving 90% of the ransom money. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a focus on healthcare-related institutions.

Attack Vector

RansomHub's ransomware strains are written in Golang, a language choice that aligns with recent trends in the ransomware landscape. The group's operations resemble a traditional Russian ransomware setup, indicating potential roots in Russia. The use of AI technology in ransomware attacks has made them more effective, increasing the volume of attacks and posing a significant threat to organizations like Okuant Limited.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.