Ransomware Attack on Berge Bulk: RansomHouse Targeting Companies

Incident Date:

May 20, 2024

World map

Overview

Title

Ransomware Attack on Berge Bulk: RansomHouse Targeting Companies

Victim

Berge Bulk

Attacker

Ransomhouse

Location

Singapore, Singapore

, Singapore

First Reported

May 20, 2024

Ransomware Attack on Berge Bulk by RansomHouse

Company Overview

Berge Bulk, a leading independent dry bulk owner, known for safe, efficient, and sustainable delivery of commodities worldwide, was targeted in a cyberattack on April 18, 2024. The company operates a fleet of over 80 vessels with a total capacity of over 15 million DWT and generates $16.4 million in revenue. Employing 89 people, Berge Bulk stands out in the industry for its commitment to safety, efficiency, and sustainability.

Attack Overview

The ransomware attack on Berge Bulk resulted in the encryption of approximately 500GB of data. Evidence of the breach was posted on the dark web and has been viewed 9,913 times. While an evidence pack is available for download, a full data dump has not been disclosed yet. The disclosure status and date are contingent on external factors.

Ransomware Group: RansomHouse

RansomHouse is a unique data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead steals sensitive data from victims and threatens to publicly release it if a ransom is not paid. The group positions itself as a force for good, aiming to highlight companies that neglect security measures.

Company Vulnerabilities

Berge Bulk's prominence in the industry and the sensitive nature of the data it handles make it an attractive target for threat actors like RansomHouse. The company's large fleet and extensive operations may have provided multiple entry points for the attackers to exploit. Additionally, the company's commitment to sustainability and decarbonization may have diverted resources from cybersecurity measures, leaving them vulnerable to such attacks.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.