SpaceBears Ransomware Hits Codival Security Services in Côte d'Ivoire

Incident Date: August 21, 2024

Overview

Title: SpaceBears Ransomware Hits Codival Security Services in Côte d'Ivoire
Victim: Codival
Attacker: SpaceBears
Location: Abidjan, Côte d’Ivoire
First Reported: August 21, 2024

SpaceBears Ransomware Group Targets Codival in Côte d'Ivoire

In a recent cyberattack, the ransomware group SpaceBears has claimed responsibility for breaching the systems of Codival, a prominent security services provider in Côte d'Ivoire. The attack was announced on SpaceBears' dark web leak site, with a ransom deadline set for August 30, 2024. Codival, officially known as Côte d'Ivoire Valeurs, specializes in cash management and security solutions, making it a significant player in the Business Services sector.

About Codival

Codival, established in 1975 and rebranded from Brinks West Africa in January 2016, operates under the SAGAM International Group. The company offers a range of services, including cash-in-transit, cash processing, ATM management, electronic security, and fire safety solutions. With a workforce exceeding 400 employees, Codival serves a diverse clientele, including government entities, banks, and various industries across Côte d'Ivoire. The company is known for its adherence to international security standards and its use of advanced technology in its operations.

Attack Overview

The SpaceBears ransomware group has set a ransom deadline for August 30, 2024, but specific details about the compromised data or the ransom amount have not been disclosed. Codival is currently assessing the extent of the breach and working on a response strategy to mitigate the impact. The attack highlights the vulnerabilities that even well-established companies face in the evolving landscape of cyber threats.

About SpaceBears

SpaceBears emerged in mid-March 2024 and has quickly gained notoriety for targeting several prominent organizations. The group operates a leak site on an Onion URL and employs double extortion tactics: in addition to encrypting files, it steals data and uses it to extort victims. SpaceBears is associated with the Faust operator, an affiliate of the Phobos ransomware-as-a-service group, indicating its sophistication and ties to established ransomware networks. The group's corporate-like website is hosted in Moscow, Russia, which gives its operations a unique front.

Potential Vulnerabilities

Codival's extensive use of advanced technology and its critical role in cash management and security services make it an attractive target for ransomware groups like SpaceBears. The company's reliance on electronic monitoring systems, geolocation technology, and high-performance security equipment could have provided entry points for the attackers. The breach underscores the importance of robust cybersecurity measures, even for companies with a strong reputation for security.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.