Ransomware Attack on BTS Biogas by Hunters International Exposes 82.1 GB Data

Incident Date:

August 16, 2024

World map

Overview

Title

Ransomware Attack on BTS Biogas by Hunters International Exposes 82.1 GB Data

Victim

BTS Biogas

Attacker

Hunters International

Location

Affi, Italy

, Italy

First Reported

August 16, 2024

Ransomware Attack on BTS Biogas by Hunters International

BTS Biogas, a leading company in the renewable energy sector, has recently fallen victim to a ransomware attack orchestrated by the Hunters International group. The attack has resulted in the exfiltration of 82.1 GB of sensitive data, including personally identifiable information (PII), financial data, and customer information.

About BTS Biogas

Established in 1996, BTS Biogas specializes in the design, construction, and management of biogas and biomethane plants. With over 25 years of experience, the company operates internationally, providing tailored solutions that convert organic waste into renewable energy. Their operations are anchored in sustainability and the circular economy, focusing on anaerobic digestion to produce high-quality biogas from agricultural by-products, food waste, and wastewater.

BTS Biogas employs over 100 individuals and has a significant presence in Italy, France, the UK, and the US. The company is known for its innovative approach, exemplified by METANlab, Italy's first laboratory dedicated to biogas research. This commitment to innovation and sustainability has positioned BTS Biogas as a key player in the renewable energy market.

Attack Overview

The ransomware attack on BTS Biogas was claimed by Hunters International via their dark web leak site. The attackers reportedly infiltrated the company's systems and exfiltrated a substantial amount of data. The breach has exposed 69,003 files, including sensitive PII, financial data, and customer information. This incident underscores the vulnerabilities that even well-established companies in the renewable energy sector face from sophisticated cyber threats.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Their ransomware code contains approximately 60% overlap with Hive ransomware version 61, indicating a shared technical lineage.

Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has targeted victims across various regions, including the US, UK, Germany, and Namibia. Investigations have revealed potential ties to Nigeria, although the group uses fake identities and methods to conceal their true origins.

Penetration and Impact

The exact method of penetration used by Hunters International in the BTS Biogas attack remains unclear. However, given the group's technical sophistication and operational strategies, it is likely that they exploited vulnerabilities in the company's cybersecurity infrastructure. The attack has resulted in significant data breaches, financial losses, and potential reputational damage to BTS Biogas.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.