RansomHub Strikes Universidad Nacional Autónoma de México with Ransomware Attack
Incident Date:
May 4, 2024
Overview
Title
RansomHub Strikes Universidad Nacional Autónoma de México with Ransomware Attack
Victim
Universidad Nacional Autónoma de México
Attacker
Ransomhub
Location
First Reported
May 4, 2024
RansomHub Targets Universidad Nacional Autónoma de México in Ransomware Attack
Overview of the Attack
The Universidad Nacional Autónoma de México (UNAM), one of Latin America's largest and most prestigious universities, has recently fallen victim to a ransomware attack orchestrated by the emerging cybercriminal group RansomHub. The attackers have claimed to have exfiltrated 20 GB of data from UNAM's systems.
Victim Profile: Universidad Nacional Autónoma de México
UNAM, established on September 21, 1551, is a cornerstone of higher education in Mexico, known for its extensive academic offerings and significant cultural influence. The university employs over 7,600 staff and caters to a large student body across multiple campuses. As a hub of research and educational excellence, UNAM is integral to the academic and cultural fabric of Mexico.
Ransomware Group Profile
RansomHub, a relatively new player in the ransomware arena, operates on a Ransomware-as-a-Service (RaaS) model. This group is noted for its claims of attacks backed by actual data leaks, primarily targeting institutions across various countries indiscriminately. RansomHub's use of Golang in their ransomware development marks a strategic choice, aligning with emerging trends in cyber threats.
Potential Vulnerabilities and Entry Points
While the exact method of infiltration used by RansomHub in the attack on UNAM has not been specified, common entry points in similar cases include phishing, exploitation of unpatched systems, or compromised credentials. Educational institutions like UNAM often manage vast amounts of sensitive data and intellectual property, making them attractive targets for ransomware attacks.
Sources
- Dark Web Profile: RansomHub - SOCRadar
- UNAM International
- Bloomberg - Universidad Nacional Autónoma de México Company Profile
- Dun & Bradstreet - Universidad Nacional Autónoma de México
- RocketReach - Universidad Nacional Autónoma de México Profile
```
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.