The Dark Web Threat: RansomHub's Attack on Skyway Coach
Incident Date:
April 9, 2024
Overview
Title
The Dark Web Threat: RansomHub's Attack on Skyway Coach
Victim
Skyway Coach
Attacker
Ransomhub
Location
First Reported
April 9, 2024
Ransomware Assault on Skyway Coach by RansomHub
Profile of the Target
Skyway Coach Lines, a transportation firm headquartered in Markham, Ontario, operates within the truck transportation sector, boasting a workforce of 51-200 employees. The company offers flexible travel solutions for coach charters, secure transportation for students and athletic teams, and corporate group travel, focusing on delivering comfort, style, and affordability. Skyway Coach underscores professionalism and a dedication to meeting travelers' requirements, including expertise in corporate travel management.
Ransomware Collective: RansomHub
RansomHub stands out as a recent ransomware collective recognized for asserting claims and substantiating them with data breaches. Operating as a Ransomware-as-a-Service (RaaS) collective, RansomHub allocates 90% of the ransom proceeds to affiliates. The collective has targeted diverse nations, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions among the afflicted entities.
Specifics of the Attack
RansomHub has professed responsibility for an incursion on Skyway Coach via their dark web leak site. The ransomware strains employed by RansomHub are coded in Golang, representing a relatively recent trend in the realm of ransomware. The integration of AI technology has bolstered the efficacy of ransomware assaults, thereby amplifying their frequency.
Organizational Vulnerabilities
Skyway Coach, operating as a transportation entity heavily reliant on digital infrastructure for its operations and client engagement, finds itself susceptible to ransomware attacks. The company's emphasis on professionalism and dedication to meeting travelers' requirements could make them an attractive target for malevolent cybercriminals intent on disrupting operations and extorting funds.
References:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.