Ransomware Attack on Kamo Jou Trading and Projects: A Cybersecurity Incident Analysis

Incident Date:

May 8, 2024

World map

Overview

Title

Ransomware Attack on Kamo Jou Trading and Projects: A Cybersecurity Incident Analysis

Victim

Kamo Jou Trading

Attacker

Ransomhub

Location

Polokwane, South Africa

, South Africa

First Reported

May 8, 2024

Ransomware Attack on Kamo Jou Trading and Projects

Victim Profile

Kamo Jou Trading and Projects is a South African company established in 2012. They specialize in trading, procurement, and supply across various markets such as Logistics, Mining, Construction, Automotive, Energy, and Agriculture. The company is 100% black youth and female owned, with a focus on excellence and strong partnerships with leading stakeholders and suppliers. They operate in the North West and Limpopo Mine catchment area with offices in Mokopane, Polokwane, and Rustenburg. Kamo Jou Trading emphasizes values beyond business, aiming to make a positive impact on society, the environment, and the economy through community projects and ethical operations.

Company Size and Industry Standing

Kamo Jou Trading is known for its expertise in developing bespoke solutions, RFQ management, and operational excellence. They prioritize forward-thinking, operational efficiency, and understanding the socio-cultural environment in the areas they operate in. The company focuses on B2B marketing strategies, asset rightness, and adding value to customers across the supply chain process. Kamo Jou Trading boasts a proven track record, trusted reputation, long-standing relationships with suppliers and customers, and effective risk management practices.

Vulnerabilities and Attack Details

Kamo Jou Trading and Projects fell victim to a cybercrime attack by the ransomware group RansomHub. The attack involved ransomware, resulting in the exfiltration of 2 GB of data, the type of which remains undisclosed. Despite the attack, no leaked data was identified. The ransom deadline was set for May 16, 2024.

Ransomware Group - RansomHub

RansomHub is a global ransomware group that emerged in February 2024. They have targeted various entities, including Kamo Jou Trading and Projects. The group distinguishes itself by substantiating claims with data leaks and operates as a Ransomware-as-a-Service (RaaS) group. RansomHub collaborates with affiliates, offering them a significant portion of the ransom proceeds. Victims of RansomHub's attacks span various countries and sectors, with healthcare institutions being prominent targets.

Potential Penetration

It is unclear how RansomHub penetrated Kamo Jou Trading and Projects' systems. However, the company's involvement in multiple sectors and its emphasis on operational excellence and strong partnerships may have made it an attractive target for threat actors. Additionally, the company's focus on community projects and ethical operations could have inadvertently exposed vulnerabilities that were exploited by the ransomware group.

Sources:

Kamo Jou Trading Website

Kamo Jou Trading About Page

RansomFeed Data Export

Dun & Bradstreet - Kamo Jou Trading Profile

Platinum Weekly - Kamo Jou Trading Vacancy

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.