RansomHub Claims Cyberattack on Kumagai Gumi, Exfiltrates 5TB of Sensitive Data

Incident Date: Jul 20, 2024

Attack Overview
VICTIM
Kumagai Gumi Co., Ltd.
INDUSTRY
Construction
LOCATION
Japan
ATTACKER
Ransomhub
FIRST REPORTED
July 20, 2024

RansomHub Claims Ransomware Attack on Kumagai Gumi Co., Ltd.

Overview of Kumagai Gumi Co., Ltd.

Kumagai Gumi Co., Ltd., established in 1898 and incorporated in 1938, is a leading Japanese construction company headquartered in Shinjuku, Tokyo. The company operates primarily in the construction and civil engineering sectors, offering services such as investigation, survey, planning, design, and supervision of construction projects. With a capital of ¥30.1 billion and approximately 2,635 employees, Kumagai Gumi is known for its significant infrastructure projects, including the Tokuyama Dam and the Seikan Tunnel. The company also emphasizes environmentally friendly practices and has a strong international presence, particularly in Taiwan.

Details of the Ransomware Attack

RansomHub, a relatively new ransomware group, has claimed responsibility for a cyberattack on Kumagai Gumi Co., Ltd. The group announced the breach on their dark web leak site, stating that they had infiltrated the company's network for an extended period. During this time, they exfiltrated over 5TB of sensitive data, including various documents and client information. The attackers have threatened to release this data publicly if their demands are not met, potentially causing significant reputational damage and legal repercussions for Kumagai Gumi.

About RansomHub

RansomHub is a ransomware group believed to have roots in Russia, operating as a Ransomware-as-a-Service (RaaS) entity. Affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub's ransomware strains are written in Golang, a relatively new trend in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare institutions.

Potential Vulnerabilities and Penetration Methods

Kumagai Gumi's extensive operations and significant data repositories make it an attractive target for ransomware groups like RansomHub. The company's involvement in high-profile infrastructure projects and international collaborations increases the potential impact of a data breach. RansomHub likely penetrated Kumagai Gumi's systems through common vulnerabilities such as phishing attacks, unpatched software, or weak network security protocols. The use of Golang in their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.