Ransomware Attack on ORIUX: A Cybersecurity Threat

Incident Date: May 21, 2024

Overview

Title: Ransomware Attack on ORIUX: A Cybersecurity Threat
Victim: ORIUX: Experts in Mobility
Attacker: Ransomhub
Location: Houston, USA; Texas, USA
First Reported: May 21, 2024

Ransomware Attack on ORIUX by RansomHub

Victim Overview

ORIUX, a leading provider of Intelligent Transportation Systems (ITS) and Traffic Management solutions, was targeted in a ransomware attack by the cybercrime group RansomHub in May 2024. The company operates in the Transportation sector and has a global presence in over 250 cities worldwide, with more than 50,000 traffic intersections deployed. ORIUX is known for its innovative technology solutions focused on creating safer and more efficient traffic mobility.

Attack Details

The attackers exfiltrated 300 GB of sensitive data from ORIUX, including accounting records, HR information, financial reports, client data, and contracts. A sample of this data has been leaked on the dark web. Details about the ransom demand have not been disclosed. The incident highlights the ongoing threat of ransomware attacks on organizations.

Ransomware Group: RansomHub

RansomHub is a new ransomware group that has distinguished itself by making claims and backing them up with data leaks. The group operates a Ransomware-as-a-Service (RaaS) model, with affiliates receiving 90% of the ransom money. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare-related institutions among the victims.

How the Attack Happened

The group's ransomware strains are written in Golang, a relatively new trend in the ransomware world. This language choice may indicate where ransomware development is heading. The use of AI technology has also impacted ransomware, making attacks more effective and increasing their volume. The intrusion at ORIUX may have involved social engineering tactics, phishing emails, unpatched software vulnerabilities, or a combination of these.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.