Rhysida Ransomware Strikes Kiemle-Hankins, Disrupting Industrial Services

Incident Date: June 15, 2024

Overview

Title: Rhysida Ransomware Strikes Kiemle-Hankins, Disrupting Industrial Services

Victim: Kiemle-Hankins

Attacker: Rhysida

Location: Monroe, USA; Ohio, USA

First Reported: June 15, 2024

Rhysida Ransomware Group Targets Kiemle-Hankins in Devastating Cyber Attack

Overview of Kiemle-Hankins

Kiemle-Hankins, headquartered in Perrysburg, Ohio, is a prominent industrial service and repair provider with over 80 years of experience. The company specializes in electrical and mechanical services, offering comprehensive solutions for the maintenance, repair, and optimization of industrial equipment. With five state-of-the-art facilities across Ohio, Michigan, Kentucky, Indiana, and Illinois, Kiemle-Hankins serves a diverse range of industries, including manufacturing, utilities, and commercial sectors. The company generated $22.3 million in revenue recently and employs over 100 skilled technicians and professionals.

Details of the Ransomware Attack

Kiemle-Hankins fell victim to a ransomware attack orchestrated by the Rhysida Ransomware Group, first reported on June 15, 2024. The attackers have claimed responsibility for the breach and are auctioning off exclusive data stolen from the company. The auction countdown is set at 6 days and 23 hours, with a ransom price of 5 BTC (Bitcoin). The attack has significantly impacted Kiemle-Hankins' operations, threatening the confidentiality and integrity of its critical data.

About the Rhysida Ransomware Group

The Rhysida Ransomware Group emerged in May 2023 and has since targeted various sectors, including education, healthcare, manufacturing, information technology, and government. Rhysida ransomware is written in C++ and primarily targets Windows operating systems. The group employs a double extortion technique: it steals data before encrypting it, then threatens to publish the stolen data on the dark web unless a ransom is paid. Rhysida uses the ChaCha20 encryption algorithm and generates ransom notes as PDF documents named “CriticalBreachDetected.pdf.”

Penetration and Impact

Rhysida typically gains initial access through phishing campaigns and by leveraging valid credentials. The group establishes network connections via VPN and uses tools like Advanced IP/Port Scanner and Sysinternals PsExec for lateral movement. Its unpredictable activity pattern and sophisticated techniques make it a formidable threat. The attack on Kiemle-Hankins underscores the vulnerabilities in industrial sectors, where the disruption of critical services can have far-reaching consequences.
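The two artifacts named above, the ransom note filename and PsExec-based lateral movement, can be combined into a simple per-host triage. The following is an added example, not part of the original report or any vendor tooling; the event fields, host names and sample events are constructed, and PSEXESVC is assumed as the service name because it is what PsExec installs unless renamed.

```python
import ntpath
from collections import defaultdict

NOTE_NAME = "criticalbreachdetected.pdf"  # ransom note name given in the report
PSEXEC_SERVICE = "psexesvc"  # PsExec's default service; can be renamed, so absence proves nothing

# Constructed sample events with simplified fields (not real telemetry).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "FS01", "type": "service_install", "name": "PSEXESVC"},
    {"ts": 160, "host": "FS01", "type": "file_create", "path": r"C:\Shares\Eng\CriticalBreachDetected.pdf"},
    {"ts": 161, "host": "FS01", "type": "file_create", "path": r"C:\Shares\HR\criticalbreachdetected.PDF"},
    {"ts": 200, "host": "WS07", "type": "service_install", "name": "PSEXESVC"},
    {"ts": 300, "host": "WS12", "type": "file_create", "path": r"C:\Users\amy\Downloads\CriticalBreachDetected.pdf"},
    {"ts": 310, "host": "WS12", "type": "file_create", "path": r"C:\Users\amy\Documents\report.pdf"},
]

def triage(events):
    """Return {host: finding} from PsExec service installs and ransom-note drops."""
    psexec_at = {}                # host -> earliest PSEXESVC install time
    note_dirs = defaultdict(set)  # host -> directories that contain the note
    first_note = {}               # host -> earliest note creation time
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["type"] == "service_install" and ev["name"].lower() == PSEXEC_SERVICE:
            psexec_at.setdefault(host, ev["ts"])
        elif ev["type"] == "file_create":
            # ntpath parses Windows paths on any analyst OS; NTFS names are case-insensitive
            if ntpath.basename(ev["path"]).lower() == NOTE_NAME:
                note_dirs[host].add(ntpath.dirname(ev["path"]).lower())
                first_note.setdefault(host, ev["ts"])
    results = {}
    for host in sorted(set(psexec_at) | set(note_dirs)):
        dirs = len(note_dirs.get(host, ()))
        psexec_first = host in psexec_at and psexec_at[host] <= first_note.get(host, float("inf"))
        # Note in several directories suggests encryption ran; one copy may be a stray file;
        # PsExec alone is a common admin tool and only warrants review.
        verdict = "isolate" if dirs >= 2 else "investigate" if dirs == 1 else "review"
        results[host] = {"verdict": verdict, "note_dirs": dirs, "psexec_first": psexec_first}
    return results
```
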
