Rosalvo Automóveis: Targeted by Qiulong Ransomware Group

Incident Date:

April 25, 2024

World map



Rosalvo Automóveis: Targeted by Qiulong Ransomware Group


Rosalvo Automovei




Belo Horizonte, Brazil

, Brazil

First Reported

April 25, 2024

Ransomware Attack on Rosalvo Automóveis by Qiulong Group

Overview of the Incident

In April 2024, Rosalvo Automóveis, a prominent used car dealership in Brazil, fell victim to a ransomware attack orchestrated by the notorious Qiulong ransomware group. The cybercriminals encrypted critical data across the company's operational spectrum, demanding a ransom of 30 BTC for the decryption keys.

Victim Profile: Rosalvo Automóveis

Founded in 1988, Rosalvo Automóveis has been a key player in the Brazilian used car market. The company specializes in buying and selling used vehicles, offering consignment sales, and providing post-sale services and negotiation consulting. Their innovative approach to the used car market has set them apart in the industry.

The company's website, which serves as a critical component of their business operations for showcasing inventory and interacting with customers, was the primary target of the attack.

Details of the Attack

The Qiulong group leveraged exposed RDP servers and vulnerabilities in FortiOS to gain initial access to Rosalvo Automóveis' network. Subsequent deployment of ransomware encrypted various types of sensitive data including personal data of clients and employees, financial records, and contractual agreements.

Qiulong Ransomware Group Profile

Qiulong is a well-known entity in the cybercrime world, particularly targeting organizations within Latin America. Their sophisticated tactics mirror those of major ransomware families like Hive and Nokayawa, utilizing advanced methods for network infiltration and data encryption.

Vulnerabilities and Industry Impact

Rosalvo Automóveis' reliance on digital platforms for business operations, coupled with insufficient cybersecurity measures against advanced ransomware tactics, made them a prime target for Qiulong. The attack not only disrupted their business operations but also posed significant reputational risks, highlighting the critical need for enhanced cybersecurity practices in the automotive sales industry.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.