RansomHub Targets Spandex AG in Major Ransomware Attack

Incident Date:

June 29, 2024

Overview

Victim

Spandex AG

Attacker

RansomHub

Location

Dietlikon, Switzerland

First Reported

June 29, 2024

RansomHub Claims Ransomware Attack on Spandex AG

Overview of Spandex AG

Spandex AG, headquartered in Switzerland, is a leading global supplier of materials, sign systems, displays, and equipment to the sign-making, graphics, and vehicle wrapping markets. Founded in 1976, the company has over 40 years of experience and operates in 19 countries, serving a customer base of 40,000 businesses. Spandex employs over 1,000 trained experts and fulfills over 3,000 orders per day from its 37 warehouses. The company’s extensive product portfolio includes over 35,000 items from leading brands, and it has achieved significant growth, reaching over €200 million in revenue in 2014.

What Makes Spandex Stand Out

Spandex is renowned for its comprehensive range of high-quality materials, state-of-the-art equipment, and innovative software solutions tailored for the sign-making, graphics, and display industries. The company offers an extensive selection of materials such as self-adhesive vinyl, digital printing media, banner materials, and specialty films. Additionally, Spandex supplies essential equipment like large format printers, cutting plotters, laminators, and heat presses. Their software solutions streamline the design and production process, enhancing productivity and creativity for their clients. Spandex also provides robust technical support and training services to ensure customers can effectively use their products and solutions.

Details of the Ransomware Attack

Spandex AG recently fell victim to a ransomware attack orchestrated by the RansomHub group. The cybercriminals behind RansomHub have claimed responsibility for the incident via their dark web leak site. The attack has raised concerns about the vulnerabilities within Spandex’s systems, which may have been exploited by the ransomware group.

About RansomHub

RansomHub is a relatively new ransomware group that has emerged in the cyber threat landscape. The group is believed to have roots in Russia and operates as a Ransomware-as-a-Service (RaaS) entity. Affiliates of RansomHub receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. Their ransomware strains are written in Golang, a language choice that aligns with recent trends in the ransomware world.

Potential Vulnerabilities and Penetration Methods

While specific details about how RansomHub penetrated Spandex’s systems are not publicly available, common vulnerabilities that ransomware groups exploit include outdated software, weak passwords, and insufficient network segmentation. RansomHub’s use of Golang for its ransomware strains suggests a sophisticated approach, potentially leveraging zero-day vulnerabilities or social engineering tactics to gain initial access. Once inside, the ransomware could have encrypted critical data, with the group demanding a ransom for its release.
