Ransomware Attack on Rocky Mountain Sales by RansomHub

Incident Date:

May 16, 2024

World map

Overview

Title

Ransomware Attack on Rocky Mountain Sales by RansomHub

Victim

Rocky Mountain Sales

Attacker

Ransomhub

Location

Golden, USA

Colorado, USA

First Reported

May 16, 2024

Ransomware Attack on Rocky Mountain Sales by RansomHub

Victim Overview

Rocky Mountain Sales, an outsourced sales and service organization based in Golden, Colorado, was targeted by the cybercrime group RansomHub. The company specializes in providing sales, customer service, and product expertise in the plumbing and building materials industry across several states in the Rocky Mountains region. Their team consists of 11-50 employees, generating $3 million in revenue as of 2024. The company stands out in the industry by offering sales representation, customer service, and product expertise in the plumbing and building materials sector across multiple states in the Rocky Mountains region.

Attack Overview

RansomHub, a ransomware group known for backing up their claims with data leaks, targeted Rocky Mountain Sales. The victim's website was compromised, and approximately 400 GB of confidential documents were exfiltrated. Some of the data has been leaked, although specific details are not provided. The attack poses a significant threat to the company's operations and security.

Ransomware Group - RansomHub

RansomHub is a new ransomware group believed to have roots in Russia. They operate as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money. RansomHub distinguishes itself by making claims and backing them up with data leaks, targeting various countries and industries without a specific pattern.

Security Vulnerabilities

Rocky Mountain Sales may have been targeted due to the sensitive nature of the data they handle, including customer information and industry-specific details. The company's online presence and potential security gaps in their systems could have allowed RansomHub to penetrate their networks and carry out the ransomware attack.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.