RansomHub Strikes Universidad Nacional Autónoma de México with Ransomware Attack

Incident Date:

May 4, 2024

Overview

Victim

Universidad Nacional Autónoma de México

Attacker

RansomHub

Location

Mexico City, Mexico

First Reported

May 4, 2024

RansomHub Targets Universidad Nacional Autónoma de México in Ransomware Attack

Overview of the Attack

The Universidad Nacional Autónoma de México (UNAM), one of Latin America's largest and most prestigious universities, has recently fallen victim to a ransomware attack orchestrated by the emerging cybercriminal group RansomHub. The attackers claim to have exfiltrated 20 GB of data from UNAM's systems.

Victim Profile: Universidad Nacional Autónoma de México

UNAM, established on September 21, 1551, is a cornerstone of higher education in Mexico, known for its extensive academic offerings and significant cultural influence. The university employs over 7,600 staff and caters to a large student body across multiple campuses. As a hub of research and educational excellence, UNAM is integral to the academic and cultural fabric of Mexico.

Ransomware Group Profile

RansomHub, a relatively new player in the ransomware arena, operates on a Ransomware-as-a-Service (RaaS) model. The group is noted for backing its attack claims with actual data leaks and for targeting institutions in various countries indiscriminately. RansomHub writes its ransomware in Golang, a strategic choice that aligns with emerging trends in cyber threats.

Potential Vulnerabilities and Entry Points

While the exact method of infiltration used by RansomHub in the attack on UNAM has not been specified, common entry points in similar cases include phishing, exploitation of unpatched systems, or compromised credentials. Educational institutions like UNAM often manage vast amounts of sensitive data and intellectual property, making them attractive targets for ransomware attacks.
