Ransomware Attack on Bjurholms kommun: A Government Sector Target
Incident Date:
May 30, 2024
Overview
Title
Ransomware Attack on Bjurholms kommun: A Government Sector Target
Victim
Bjurholms kommun
Attacker
Ransomhub
Location
First Reported
May 30, 2024
Ransomware Attack on Bjurholms kommun
Victim Overview
Bjurholms kommun is a municipality located in Västerbotten County, Sweden. Operating within the Government sector, the municipality employs between 201-500 people..
Attack Overview
The RansomHub ransomware group targeted Bjurholms kommun, leading to the exfiltration of 100 GB of data. This attack resulted in the shutdown of both the internal system and external broadband of the municipality. Chief of Staff Jimmy Johansson described the situation as serious due to the lack of system access.
Ransomware Group Profile
RansomHub is a new ransomware group known for making claims and substantiating them with data leaks. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money. The group has targeted various countries without a specific pattern, including the US, Brazil, Indonesia, and Vietnam. RansomHub's ransomware strains are written in Golang, a relatively new trend in the ransomware world.
Company Vulnerabilities
Bjurholms kommun's status as a government administration organization may have made it a target for threat actors like RansomHub. The sensitive nature of data held by government entities makes them attractive targets for ransomware attacks. Additionally, the large number of employees within the municipality could provide more entry points for threat actors to exploit.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.