Ransomware Attack on Eucatex by RansomHub

Incident Date:

May 16, 2024

World map

Overview

Title

Ransomware Attack on Eucatex by RansomHub

Victim

Eucatex

Attacker

Ransomhub

Location

Belo Horizonte, Brazil

, Brazil

First Reported

May 16, 2024

Ransomware Attack on Eucatex by RansomHub

Victim Overview

Eucatex is a Brazilian company founded in 1951 that specializes in the production of wood panels, paints, varnishes, and other construction and furniture industry products. They are one of the largest producers of various construction materials in Brazil.

Company Size and Industry Standing

While the exact size and revenue figures of Eucatex are not provided, the company is known for its wide range of products, including acoustic and thermal insulation solutions. Their diverse product offerings and long-standing presence in the industry make them a prominent player in the construction sector.

Attack Overview

RansomHub, a ransomware group believed to have roots in Russia, targeted Eucatex in a recent cyberattack. The victim's website was compromised, and approximately 150 GB of sensitive data was exfiltrated. This data included information on clients, contractors, financial documents, NDA agreements, and application source codes.

Ransomware Group Profile

The group distinguishes itself by backing up its claims with data leaks and operates as a Ransomware-as-a-Service (RaaS) group. Affiliates receive 90% of the ransom money, while the main group retains 10%. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a focus on healthcare-related institutions.

Attack Vulnerabilities

Eucatex's vulnerabilities in being targeted by threat actors may stem from the sensitive nature of the data they possess, including client information and financial documents. Additionally, the company's online presence and digital infrastructure could have been exploited by RansomHub to gain unauthorized access to their systems.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.