RansomHub Strikes Slovak Innovation Agency in Cyber Attack
Incident Date:
June 4, 2024
Overview
Title
RansomHub Strikes Slovak Innovation Agency in Cyber Attack
Victim
Slovak Innovation and Energy Agency
Attacker
Ransomhub
Location
First Reported
June 4, 2024
RansomHub Targets Slovak Innovation and Energy Agency in Ransomware Attack
Overview of the Victim: Slovak Innovation and Energy Agency (SIEA)
The Slovak Innovation and Energy Agency (SIEA) is a governmental organization in Slovakia dedicated to fostering innovation, energy efficiency, and sustainable development. Established by the Ministry of Economy of the Slovak Republic, SIEA provides technical and expert support in line with innovation and energy legislation. The agency manages significant funds for various operational periods, including 2.912 billion euros from 2014-2020, and plays a crucial role in policy development and implementation.
Attack Details
RansomHub, a new ransomware group, has claimed responsibility for a ransomware attack on SIEA. The group announced the attack on their dark web leak site, stating they had successfully infiltrated SIEA's network and gained access to all their information and operations. The group threatened to leak all the files if the ransom is not paid.
About RansomHub
RansomHub is a recently emerged ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, and their ransomware strains are written in Golang, a relatively new trend in the ransomware world.
Potential Vulnerabilities
SIEA's extensive role in managing and implementing innovation and energy policies, along with handling substantial funds, makes it an attractive target for ransomware groups like RansomHub. The agency's involvement in international cooperation and policy development further increases its exposure to cyber threats. The use of Golang by RansomHub indicates a sophisticated approach, potentially exploiting vulnerabilities in SIEA's cybersecurity infrastructure.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.