Ransomware Attack on Berge Bulk: RansomHouse Targeting Companies
Incident Date:
May 20, 2024
Overview
Title
Ransomware Attack on Berge Bulk: RansomHouse Targeting Companies
Victim
Berge Bulk
Attacker
Ransomhouse
Location
First Reported
May 20, 2024
Ransomware Attack on Berge Bulk by RansomHouse
Company Overview
Berge Bulk, a leading independent dry bulk owner, known for safe, efficient, and sustainable delivery of commodities worldwide, was targeted in a cyberattack on April 18, 2024. The company operates a fleet of over 80 vessels with a total capacity of over 15 million DWT and generates $16.4 million in revenue. Employing 89 people, Berge Bulk stands out in the industry for its commitment to safety, efficiency, and sustainability.
Attack Overview
The ransomware attack on Berge Bulk resulted in the encryption of approximately 500GB of data. Evidence of the breach was posted on the dark web and has been viewed 9,913 times. While an evidence pack is available for download, a full data dump has not been disclosed yet. The disclosure status and date are contingent on external factors.
Ransomware Group: RansomHouse
RansomHouse is a unique data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead steals sensitive data from victims and threatens to publicly release it if a ransom is not paid. The group positions itself as a force for good, aiming to highlight companies that neglect security measures.
Company Vulnerabilities
Berge Bulk's prominence in the industry and the sensitive nature of the data it handles make it an attractive target for threat actors like RansomHouse. The company's large fleet and extensive operations may have provided multiple entry points for the attackers to exploit. Additionally, the company's commitment to sustainability and decarbonization may have diverted resources from cybersecurity measures, leaving them vulnerable to such attacks.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.