RansomHub Targets Leading South Korean Architectural Firm in Major Data Breach

Incident Date:

June 28, 2024

World map



RansomHub Targets Leading South Korean Architectural Firm in Major Data Breach


Midam Architectural Firm Co., LTD




Guri-si, South Korea

, South Korea

First Reported

June 28, 2024

RansomHub Ransomware Attack on Midam Architectural Firm Co., LTD

Overview of the Attack

Midam Architectural Firm Co., LTD, also known as Midamea, has recently been targeted by a ransomware attack executed by the RansomHub group. The attackers have exfiltrated 370GB of data and plan to auction the stolen information over a 7-day period. If the data remains unsold, they intend to publish it. This incident underscores the increasing threat of ransomware attacks on companies across various sectors, including architecture.

About Midam Architectural Firm Co., LTD

Midam Architectural Firm Co., LTD, based in South Korea, is renowned for its innovative and contemporary designs. Founded in 1990, the firm has established itself as a leading player in the architectural design industry. Midam specializes in a wide range of architectural projects, including residential, commercial, and public buildings, with a focus on creating functional and aesthetically pleasing spaces. The firm is known for its sustainable design solutions and has received numerous awards, including the prestigious Architectural Design Award from the Korean Institute of Architects.

Company Profile and Vulnerabilities

The company employs a team of highly skilled architects, designers, and support staff, although the exact number of employees is not publicly disclosed. As a private firm, Midam does not disclose its financial information. The company's focus on innovative and sustainable design solutions makes it a standout in the industry. However, like many firms, Midam may have vulnerabilities that can be exploited by threat actors. These vulnerabilities could include outdated software, insufficient cybersecurity measures, or lack of employee training on cybersecurity best practices.

Details of the Ransomware Group: RansomHub

RansomHub is a relatively new ransomware group that has recently emerged in the cyber threat landscape. The group is believed to have roots in Russia and operates as a Ransomware-as-a-Service (RaaS) group. Affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub has targeted various countries without following a specific pattern, including the US, Brazil, Indonesia, and Vietnam. The group's ransomware strains are written in Golang, a language choice that may indicate future trends in ransomware development.

Potential Penetration Methods

While the exact method of penetration in the Midam attack is not publicly disclosed, RansomHub could have used several common tactics to infiltrate the company's systems. These methods may include phishing emails, exploiting unpatched software vulnerabilities, or leveraging weak passwords. The use of AI technology by ransomware groups has also made attacks more effective and increased their volume. Companies like Midam must adopt a multilayered approach to cybersecurity to protect against such sophisticated threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.