RansomHub Strikes: The Cyberattack on POLARIS INFORMATICA Y COMUNICACIONES

Incident Date: April 27, 2024

Overview

Victim: POLARIS INFORMATICA Y COMUNICACIONES

Attacker: RansomHub

Location: Madrid, Spain

First Reported: April 27, 2024

Ransomware Attack on POLARIS INFORMATICA Y COMUNICACIONES by RansomHub

Overview of the Attack

POLARIS INFORMATICA Y COMUNICACIONES, a Spanish technology solutions provider, was recently targeted by the emerging ransomware group RansomHub. The attack involved the exfiltration of approximately 165 GB of data from the company's systems. The incident was publicly disclosed on RansomHub's dark web leak site, where the group claimed responsibility and hinted that the stolen data contains potentially unlicensed software.

Company Profile

Founded in 1996 and based in Madrid, Spain, Polaris specializes in custom application development, website design, and IT consulting. The company employs between 20 and 49 professionals and generates an estimated $3 million in annual revenue. Its expertise in responsive and innovative technology solutions for various sectors makes it a notable player in the Strategic Management Services, Computer Equipment & Peripherals, and Manufacturing industries.

Targeting and Vulnerabilities

RansomHub's choice of this company as a target could be attributed to several factors. The company's significant data pool, including proprietary software and client information, presents a lucrative target for ransomware operators. Additionally, the presence of potentially unlicensed software, as suggested by RansomHub, could indicate lapses in software management and security practices that make the company more vulnerable to cyberattacks.

RansomHub Group Profile

RansomHub operates under a Ransomware-as-a-Service (RaaS) model, primarily targeting various international entities without a clear pattern. Its ransomware strains are noted for being developed in Golang, a choice that aligns with recent trends in the cyber threat landscape.
