RansomHub Strikes Slovak Innovation Agency in Cyber Attack

Incident Date:

June 4, 2024

World map

Overview

Title

RansomHub Strikes Slovak Innovation Agency in Cyber Attack

Victim

Slovak Innovation and Energy Agency

Attacker

Ransomhub

Location

Bratislava, Slovakia

, Slovakia

First Reported

June 4, 2024

RansomHub Targets Slovak Innovation and Energy Agency in Ransomware Attack

Overview of the Victim: Slovak Innovation and Energy Agency (SIEA)

The Slovak Innovation and Energy Agency (SIEA) is a governmental organization in Slovakia dedicated to fostering innovation, energy efficiency, and sustainable development. Established by the Ministry of Economy of the Slovak Republic, SIEA provides technical and expert support in line with innovation and energy legislation. The agency manages significant funds for various operational periods, including 2.912 billion euros from 2014-2020, and plays a crucial role in policy development and implementation.

Attack Details

RansomHub, a new ransomware group, has claimed responsibility for a ransomware attack on SIEA. The group announced the attack on their dark web leak site, stating they had successfully infiltrated SIEA's network and gained access to all their information and operations. The group threatened to leak all the files if the ransom is not paid.

About RansomHub

RansomHub is a recently emerged ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, and their ransomware strains are written in Golang, a relatively new trend in the ransomware world.

Potential Vulnerabilities

SIEA's extensive role in managing and implementing innovation and energy policies, along with handling substantial funds, makes it an attractive target for ransomware groups like RansomHub. The agency's involvement in international cooperation and policy development further increases its exposure to cyber threats. The use of Golang by RansomHub indicates a sophisticated approach, potentially exploiting vulnerabilities in SIEA's cybersecurity infrastructure.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.