Ransomware Group RansomHub Targets Corient Capital Partners

Incident Date:

April 24, 2024

World map

Overview

Title

Ransomware Group RansomHub Targets Corient Capital Partners

Victim

CORIENT <rhbco.com> lookup

Attacker

Ransomhub

Location

Wilmington, USA

Delaware, USA

First Reported

April 24, 2024

RansomHub Targets Corient Capital Partners in Ransomware Attack

Overview of the Attack

Corient Capital Partners LLC, a prominent wealth management firm, has become the latest victim of the ransomware group RansomHub. The cybercriminals have claimed responsibility for the attack on their dark web leak site, stating that they have exfiltrated 30 GB of data from the firm's network.

Company Profile: Corient Capital Partners

  • Company Size: Corient manages over $164 billion in client assets and employs a team of more than 240 partners.
  • Industry Standout: As one of the largest integrated fee-only Registered Investment Advisors (RIAs) in the U.S., Corient is recognized for its comprehensive financial services and commitment to client excellence.
  • Revenue: Specific revenue figures are not publicly disclosed, but the firm's substantial assets under management indicate significant operations.

Potential Vulnerabilities

While the specific vulnerabilities that were exploited in this attack are not detailed, firms like Corient with large asset holdings and extensive client information are attractive targets for ransomware groups. The high value of the stolen data can provide leverage for ransom demands, making financial institutions perennial targets for cybercriminals.

Details of the Ransomware Group

RansomHub is a relatively new player in the ransomware arena, known for its Ransomware-as-a-Service (RaaS) model. The group's operations are believed to have roots in Russia, with a typical setup that includes affiliates who carry out the attacks and share the proceeds with the core team.

References

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.