NoEscape attacks Elbe Obst Fruchtverarbeitung

Incident Date: Oct 10, 2023

Attack Overview
VICTIM
Elbe Obst Fruchtverarbeitung
INDUSTRY
Agriculture
LOCATION
Germany
ATTACKER
Noescape
FIRST REPORTED
October 10, 2023

NoEscape Ransomware Targets Elbe Obst Fruchtverarbeitung

The NoEscape ransomware gang has attacked Elbe Obst Fruchtverarbeitung. Elbe Obst Fruchtverarbeitung is an apple and apple products processor and supplier headquartered in Germany. NoEscape posted Elbe Obst Fruchtverarbeitung to its data leak site on October 10th but provided no further details.

Ransomware-as-a-Service Operation

NoEscape is a ransomware-as-a-service operation. The ransomware builder interface allows affiliates to customize various settings when creating the ransomware executables. However, the primary function of NoEscape is to encrypt files.

Victim Notification

Victims of NoEscape receive a note informing them that their network has been breached and infected by a group called NoEscape. The note reveals that all of their company documents, databases, and other crucial files have been encrypted. Additionally, the perpetrators have also obtained the victims' confidential documents, personal data, and sensitive information.

Demand for Ransom

To regain access to their files, the victims are instructed to make a payment in exchange for a special recovery tool. Non-compliance with this demand will result in the victims' files remaining encrypted indefinitely, and the stolen information being offered for sale on the darknet.

Payment Instructions

To facilitate the payment process, the victims are advised to download and install the TOR browser and access a specific link provided in the note. They must then enter their ID and follow the accompanying instructions. The note explicitly warns the victims against making any modifications or attempting file recovery on their own, emphasizing that only the perpetrators possess the ability to restore the encrypted files.

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources.  By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.