snatch attacks Mab Group

Incident Date: January 27, 2022


Mab Group




Karachi, Pakistan

Sindh, Pakistan

First Reported: January 27, 2022

Mab Group Suffers Ransomware Attack, Data Extortion Threat

Overview of the Incident

The Mab Group, a prominent entity in the Finance sector, recently fell victim to a ransomware attack orchestrated by a group known as RansomHub. This incident was publicized on the group's dark web leak site, where they boasted possession of 4 TB of "highly selective data" from the Mab Group. The company, which is based in Pakistan, is renowned for its services in fire protection, marine safety, and the development of emerging technologies. With a history spanning over 34 years, the Mab Group has established itself as a leader in the design, installation, and commissioning of large enterprise-class systems, particularly catering to the seafaring community with a variety of life-saving protection and safety equipment.

Details of the Ransomware Attack

RansomHub, which only emerged on the cybercrime scene in February 2024, has already made headlines by targeting the Mab Group. The group's threat to release the stolen data unless a ransom is paid underscores the severity of the attack. According to insights shared with the research and threat intelligence project Vx-Underground, RansomHub's operation is reportedly bolstered by former affiliates of the BlackCat ransomware group. This connection suggests that the Mab Group's data may have been compromised through the exit scam tactics commonly associated with BlackCat, highlighting a concerning trend in the ransomware ecosystem.

Implications for Cybersecurity

The attack on the Mab Group underscores a critical vulnerability within companies operating in regions or sectors perceived as unlikely targets for cybercriminals. The assumption that Pakistani companies, or those focused on seemingly less digital-intensive services like fire protection and marine safety, are at a lower risk of cyber attacks is a misconception. The involvement of the Mab Group in emerging technologies further amplifies their exposure to sophisticated cyber threats, demonstrating the universal need for robust cybersecurity measures across all sectors and regions.

This incident serves as a stark reminder of the importance of vigilance and proactive security strategies to safeguard against ransomware attacks and data extortion schemes. Companies, regardless of their size, sector, or geographical location, must prioritize the implementation of comprehensive security measures to protect their data and systems from the evolving landscape of cyber threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.