Rosalvo Automóveis: Targeted by Qiulong Ransomware Group
Incident Date: April 25, 2024
Overview
Victim: Rosalvo Automóveis
Attacker: Qiulong
Location
First Reported: April 25, 2024
Ransomware Attack on Rosalvo Automóveis by Qiulong Group
Overview of the Incident
In April 2024, Rosalvo Automóveis, a prominent used car dealership in Brazil, fell victim to a ransomware attack orchestrated by the notorious Qiulong ransomware group. The cybercriminals encrypted critical data across the company's operational spectrum, demanding a ransom of 30 BTC for the decryption keys.
Victim Profile: Rosalvo Automóveis
Founded in 1988, Rosalvo Automóveis has been a key player in the Brazilian used car market. The company specializes in buying and selling used vehicles, offering consignment sales, and providing post-sale services and negotiation consulting. Their innovative approach to the used car market has set them apart in the industry.
The company's website, which serves as a critical component of their business operations for showcasing inventory and interacting with customers, was the primary target of the attack.
Details of the Attack
The Qiulong group leveraged exposed RDP servers and vulnerabilities in FortiOS to gain initial access to Rosalvo Automóveis' network. The ransomware it then deployed encrypted various types of sensitive data, including personal data of clients and employees, financial records, and contractual agreements.
Qiulong Ransomware Group Profile
Qiulong is a well-known entity in the cybercrime world, particularly targeting organizations within Latin America. Their sophisticated tactics mirror those of major ransomware families like Hive and Nokoyawa, utilizing advanced methods for network infiltration and data encryption.
Vulnerabilities and Industry Impact
Rosalvo Automóveis' reliance on digital platforms for business operations, coupled with insufficient cybersecurity measures against advanced ransomware tactics, made them a prime target for Qiulong. The attack not only disrupted their business operations but also posed significant reputational risks, highlighting the critical need for enhanced cybersecurity practices in the automotive sales industry.