SpaceBears Ransomware Group Targets Codival in Côte d'Ivoire

In a recent cyberattack, the ransomware group SpaceBears has claimed responsibility for breaching the systems of Codival, a prominent security services provider in Côte d'Ivoire. The attack was announced on SpaceBears' dark web leak site, with a ransom deadline set for August 30, 2024. Codival, officially known as Côte d'Ivoire Valeurs, specializes in cash management and security solutions, making it a significant player in the Business Services sector.

About Codival

Codival, established in 1975 and rebranded from Brinks West Africa in January 2016, operates under the SAGAM International Group. The company offers a range of services, including cash-in-transit, cash processing, ATM management, electronic security, and fire safety solutions. With a workforce exceeding 400 employees, Codival serves a diverse clientele, including government entities, banks, and various industries across Côte d'Ivoire. The company is known for its adherence to international security standards and its use of advanced technology in its operations.

Attack Overview

The SpaceBears ransomware group has set a ransom deadline for August 30, 2024, but specific details about the compromised data or the ransom amount have not been disclosed. Codival is currently assessing the extent of the breach and working on a response strategy to mitigate the impact. The attack highlights the vulnerabilities that even well-established companies face in the evolving landscape of cyber threats.

About SpaceBears

SpaceBears emerged in mid-March 2024 and has quickly gained notoriety for targeting several prominent organizations. The group operates a leak site on an Onion URL, employing double extortion tactics where data is stolen and used to extort victims in addition to encrypting files. SpaceBears is associated with the Faust operator, an affiliate of the Phobos ransomware-as-a-service group, indicating its sophistication and ties to established ransomware networks. The group's corporate-like website is hosted in Moscow, Russia, adding a unique front to its operations.

Potential Vulnerabilities

Codival's extensive use of advanced technology and its critical role in cash management and security services make it an attractive target for ransomware groups like SpaceBears. The company's reliance on electronic monitoring systems, geolocation technology, and high-performance security equipment could have been potential entry points for the attackers. The breach underscores the importance of robust cybersecurity measures, even for companies with a strong reputation for security.

• Codival Official Website
• SAGAM International - Codival
• Annuaire Ivoire - Codival
• LinkedIn - Codival
• Dun & Bradstreet - Codival