Sobha Ltd. Hit by RansomHub Ransomware, 10GB Data Stolen
Incident Date:
August 6, 2024
Overview
Title
Sobha Ltd. Hit by RansomHub Ransomware, 10GB Data Stolen
Victim
Sobha Ltd
Attacker
Ransomhub
Location
First Reported
August 6, 2024
RansomHub Targets Sobha Ltd. in Ransomware Attack
Sobha Ltd., a prominent real estate development company based in Bangalore, India, has recently fallen victim to a ransomware attack orchestrated by the RansomHub group. The attack has reportedly led to the exfiltration of 10 GB of highly sensitive data, with a ransom deadline set for August 11, 2023.
About Sobha Ltd.
Established in 1995, Sobha Ltd. is renowned for its commitment to quality, transparency, and timely delivery in the construction and real estate sector. The company operates across various Indian cities, including Bangalore, Kerala, Delhi-NCR, Chennai, Coimbatore, Mysore, and Pune. Sobha Ltd. employs approximately 3,791 individuals and reported a revenue of around ₹4,208 crores (approximately $510 million) for the fiscal year ending March 2023.
Sobha Ltd. stands out in the industry due to its philosophy of "passion at work," emphasizing quality craftsmanship and self-reliance in construction. The company has pioneered backward integration, producing many of its own construction materials to maintain high standards in its projects.
Attack Overview
In a regulatory filing, Sobha Ltd. disclosed the ransomware attack, highlighting the swift response from its management team. The company assured stakeholders that there was no significant impact on its operations. The technical team promptly implemented necessary precautions to mitigate the attack's effects and initiated measures to restore and retrieve affected systems. Despite the breach, Sobha Ltd. emphasized that its operations continue to run smoothly.
About RansomHub
RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. RansomHub's ransomware strains are written in Golang, a language choice that may indicate future trends in ransomware development.
Potential Vulnerabilities
Sobha Ltd.'s extensive use of technology in its operations, including advanced construction techniques and a comprehensive Customer Relationship Management (CRM) system, may have made it a target for cybercriminals. The company's reliance on digital systems for project management and customer engagement could have provided entry points for the ransomware attack.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.