The Dark Web Threat: RansomHub's Attack on Skyway Coach

Incident Date:

April 9, 2024

World map



The Dark Web Threat: RansomHub's Attack on Skyway Coach


Skyway Coach




Merkham, Canada

, Canada

First Reported

April 9, 2024

Ransomware Assault on Skyway Coach by RansomHub

Profile of the Target

Skyway Coach Lines, a transportation firm headquartered in Markham, Ontario, operates within the truck transportation sector, boasting a workforce of 51-200 employees. The company offers flexible travel solutions for coach charters, secure transportation for students and athletic teams, and corporate group travel, focusing on delivering comfort, style, and affordability. Skyway Coach underscores professionalism and a dedication to meeting travelers' requirements, including expertise in corporate travel management.

Ransomware Collective: RansomHub

RansomHub stands out as a recent ransomware collective recognized for asserting claims and substantiating them with data breaches. Operating as a Ransomware-as-a-Service (RaaS) collective, RansomHub allocates 90% of the ransom proceeds to affiliates. The collective has targeted diverse nations, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions among the afflicted entities.

Specifics of the Attack

RansomHub has professed responsibility for an incursion on Skyway Coach via their dark web leak site. The ransomware strains employed by RansomHub are coded in Golang, representing a relatively recent trend in the realm of ransomware. The integration of AI technology has bolstered the efficacy of ransomware assaults, thereby amplifying their frequency.

Organizational Vulnerabilities

Skyway Coach, operating as a transportation entity heavily reliant on digital infrastructure for its operations and client engagement, finds itself susceptible to ransomware attacks. The company's emphasis on professionalism and dedication to meeting travelers' requirements could make them an attractive target for malevolent cybercriminals intent on disrupting operations and extorting funds.


Skyway Coach Website

RansomHub Profile

Barracuda AI Ransomware Blog

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.