Ransomware Attack on Rocky Mountain Sales by RansomHub

Victim Overview

Rocky Mountain Sales, an outsourced sales and service organization based in Golden, Colorado, was targeted by the cybercrime group RansomHub. The company specializes in providing sales, customer service, and product expertise in the plumbing and building materials industry across several states in the Rocky Mountains region. Their team consists of 11-50 employees, generating $3 million in revenue as of 2024. The company stands out in the industry by offering sales representation, customer service, and product expertise in the plumbing and building materials sector across multiple states in the Rocky Mountains region.

Attack Overview

RansomHub, a ransomware group known for backing up their claims with data leaks, targeted Rocky Mountain Sales. The victim's website was compromised, and approximately 400 GB of confidential documents were exfiltrated. Some of the data has been leaked, although specific details are not provided. The attack poses a significant threat to the company's operations and security.

Ransomware Group - RansomHub

RansomHub is a new ransomware group believed to have roots in Russia. They operate as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money. RansomHub distinguishes itself by making claims and backing them up with data leaks, targeting various countries and industries without a specific pattern.

Security Vulnerabilities

Rocky Mountain Sales may have been targeted due to the sensitive nature of the data they handle, including customer information and industry-specific details. The company's online presence and potential security gaps in their systems could have allowed RansomHub to penetrate their networks and carry out the ransomware attack.

Sources:

• socradar.io - RansomHub Dark Web Profile
• wired.com - Wired
• cybersecurityventures.com - Cybersecurity Ventures