Ransomware Attack on Berge Bulk by RansomHouse

Company Overview

Berge Bulk, a leading independent dry bulk owner, known for safe, efficient, and sustainable delivery of commodities worldwide, was targeted in a cyberattack on April 18, 2024. The company operates a fleet of over 80 vessels with a total capacity of over 15 million DWT and generates $16.4 million in revenue. Employing 89 people, Berge Bulk stands out in the industry for its commitment to safety, efficiency, and sustainability.

Attack Overview

The ransomware attack on Berge Bulk resulted in the encryption of approximately 500GB of data. Evidence of the breach was posted on the dark web and has been viewed 9,913 times. While an evidence pack is available for download, a full data dump has not been disclosed yet. The disclosure status and date are contingent on external factors.

Ransomware Group: RansomHouse

RansomHouse is a unique data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead steals sensitive data from victims and threatens to publicly release it if a ransom is not paid. The group positions itself as a force for good, aiming to highlight companies that neglect security measures.

Company Vulnerabilities

Berge Bulk's prominence in the industry and the sensitive nature of the data it handles make it an attractive target for threat actors like RansomHouse. The company's large fleet and extensive operations may have provided multiple entry points for the attackers to exploit. Additionally, the company's commitment to sustainability and decarbonization may have diverted resources from cybersecurity measures, leaving them vulnerable to such attacks.

Sources:

• Berge Bulk Website
• RansomHouse Profile
• ThreatDown Article
• Avertium Resource
• SentinelOne Anthology