Wilmington Country Club Hit by $29.4M Ransomware Attack

Incident Date: September 3, 2024

Overview

Title: Wilmington Country Club Hit by $29.4M Ransomware Attack
Victim: Wilmington Country Club
Attacker: RansomHub
Location: Wilmington, USA; Delaware, USA
First Reported: September 3, 2024

RansomHub Targets Wilmington Country Club in Ransomware Attack

Wilmington Country Club, a prestigious private club located in Wilmington, Delaware, has become the latest victim of a ransomware attack orchestrated by the cybercriminal group RansomHub. The attackers have demanded a ransom of $29.4 million, following the exfiltration of 357GB of data, although less than 1% of this data has been disclosed publicly.

About Wilmington Country Club

Established in 1901, Wilmington Country Club is a member-owned private club that operates as a nonprofit organization under 501(c)(7). The club boasts approximately 2,250 members and offers a wide range of athletic, social, and family activities. Its facilities include two championship golf courses, multiple tennis courts, a fitness center, swimming pools, and fine dining options. The club is renowned for its rich history and commitment to providing a versatile experience for its members.

Attack Overview

The ransomware attack on Wilmington Country Club underscores the growing threat of ransomware to organizations of all types and sizes. The breach has resulted in the exfiltration of 357GB of data, with the attackers demanding a ransom of $29.4 million. The attack highlights the vulnerabilities that even well-regarded institutions face in the current cybersecurity landscape.

About RansomHub

RansomHub, a Ransomware-as-a-Service (RaaS) group, first appeared in February 2024. The group quickly gained notoriety by adopting a highly adaptable and aggressive affiliate model. RansomHub is known for its speed and efficiency, with ransomware optimized to encrypt large datasets quickly while targeting a wide range of cross-platform systems. The group employs double extortion tactics, combining encryption with data theft to increase pressure on victims to pay ransoms.

Penetration and Vulnerabilities

RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. In the case of Wilmington Country Club, the attackers likely exploited unpatched systems or used phishing techniques to infiltrate the network. Once inside, they conducted multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The club's extensive digital infrastructure and valuable data made it an attractive target for the ransomware group.
