Ransomware Hits ErgoFloor Exposing Data Vulnerabilities
Incident Date:
October 9, 2024
Overview
Title
Ransomware Hits ErgoFloor Exposing Data Vulnerabilities
Victim
ErgoFloor
Attacker
8base
Location
First Reported
October 9, 2024
Ransomware Attack on ErgoFloor by 8Base Group
ErgoFloor, a Danish manufacturer known for its sustainable rubber flooring solutions, has become the latest victim of a ransomware attack by the notorious 8Base group. This incident highlights the vulnerabilities faced by small to medium-sized enterprises in the manufacturing sector, particularly those with a strong international presence.
About ErgoFloor
ErgoFloor A/S, headquartered in Tørring, Midtjylland, Denmark, specializes in producing high-quality rubber flooring products. The company is recognized for its commitment to sustainability, utilizing recycled materials to create durable and safe flooring options for various applications, including fitness, equestrian, and industrial sectors. Their innovative designs and eco-friendly practices have positioned them as a key player in the rubber flooring market.
Details of the Attack
The ransomware attack, claimed by the 8Base group, compromised a significant amount of sensitive data from ErgoFloor. The stolen information includes invoice receipts, accounting documents, personal data, certificates, employment contracts, and confidential agreements. The breach was made public on September 23rd, as part of a broader campaign targeting 13 companies across different industries and countries. Despite the ransom deadline passing on September 30th, the data has not been released, suggesting ongoing negotiations or strategic withholding by the attackers.
Profile of the 8Base Ransomware Group
The 8Base ransomware group has gained notoriety for its aggressive double-extortion tactics, encrypting data and threatening to leak it unless a ransom is paid. Emerging in April 2022, the group has evolved into a sophisticated operation, employing AES-256 encryption and leveraging the Phobos ransomware variant. Their attacks often begin with phishing emails or through compromised credentials sold on the Dark Web, allowing them to infiltrate systems undetected.
Potential Vulnerabilities
ErgoFloor's status as a small to medium-sized enterprise with international trade activities may have made it an attractive target for 8Base. The company's reliance on digital systems for managing sensitive data, coupled with its significant market presence, could have exposed vulnerabilities that the ransomware group exploited. The attack underscores the importance of effective cybersecurity measures, particularly for companies operating in sectors with high-value data.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.