Ransomware Attack on Bjurholms kommun: A Government Sector Target

Incident Date:

May 30, 2024

World map

Overview

Title

Ransomware Attack on Bjurholms kommun: A Government Sector Target

Victim

Bjurholms kommun

Attacker

Ransomhub

Location

Bjurholm, Sweden

, Sweden

First Reported

May 30, 2024

Ransomware Attack on Bjurholms kommun

Victim Overview

Bjurholms kommun is a municipality located in Västerbotten County, Sweden. Operating within the Government sector, the municipality employs between 201-500 people..

Attack Overview

The RansomHub ransomware group targeted Bjurholms kommun, leading to the exfiltration of 100 GB of data. This attack resulted in the shutdown of both the internal system and external broadband of the municipality. Chief of Staff Jimmy Johansson described the situation as serious due to the lack of system access.

Ransomware Group Profile

RansomHub is a new ransomware group known for making claims and substantiating them with data leaks. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money. The group has targeted various countries without a specific pattern, including the US, Brazil, Indonesia, and Vietnam. RansomHub's ransomware strains are written in Golang, a relatively new trend in the ransomware world.

Company Vulnerabilities

Bjurholms kommun's status as a government administration organization may have made it a target for threat actors like RansomHub. The sensitive nature of data held by government entities makes them attractive targets for ransomware attacks. Additionally, the large number of employees within the municipality could provide more entry points for threat actors to exploit.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.