redalert attacks G4:Group
Incident Date: September 13, 2022
Overview
Title: redalert attacks G4:Group
Victim: G4:Group
Attacker: Redalert
Location:
First Reported: September 13, 2022
G4:group Suffers Ransomware Attack by RedAlert Group
Overview of the Incident
G4:group, a multidisciplinary architecture and engineering firm with a global presence in cities such as Barcelona, Madrid, Turin, Paris, and Dubai, has recently fallen victim to a ransomware attack orchestrated by the RedAlert ransomware group. This incident was disclosed on the group's dark web leak site, highlighting the ongoing threat posed by cybercriminals to organizations worldwide.
Company Profile
With over two decades of experience in delivering international projects, G4:group has established a comprehensive understanding of client needs, enabling the delivery of projects from concept through to execution. The firm's services encompass a broad spectrum, including design conceptualization, architecture, interior design, furniture, and lighting design. G4:group prides itself on integrating the company's identity into every project phase, ensuring a tailored and cohesive outcome.
Details of the Attack
The RedAlert ransomware group, also identified by the moniker N13V, specifically targets Windows and Linux VMware ESXi servers within corporate networks. Employing a double-extortion tactic, the group first exfiltrates data from the systems before proceeding to encrypt the data locally. This method provides the attackers with increased leverage, posing a significant threat to the victimized organizations.
Implications for G4:group
Although the exact size of G4:group is not detailed, the firm's extensive international operations and multidisciplinary offerings indicate a substantial operational scale. The susceptibility of such a firm to ransomware attacks underscores the advanced capabilities of modern ransomware groups to exploit vulnerabilities in network security and data protection mechanisms.
Protective Measures Against Ransomware Attacks
To mitigate the risk of ransomware attacks, organizations are advised to adopt a multilayered security strategy. This includes securing all potential access points, such as endpoints, emails, web interfaces, and networks. Key recommendations encompass the regular updating of security solutions, conducting frequent scans, ensuring the protection of critical data through routine backups, and the continuous education of employees regarding social engineering tactics.