RansomHub Claims Ransomware Attack on GlowFM: Details and Implications

Incident Date: Jul 19, 2024

Attack Overview
VICTIM
GlowFM
INDUSTRY
Media & Internet
LOCATION
Netherlands
ATTACKER
Ransomhub
FIRST REPORTED
July 19, 2024

RansomHub Claims Ransomware Attack on GlowFM

Overview of the Attack

GlowFM, a local radio station based in Eindhoven, Netherlands, has been targeted by the ransomware group RansomHub. The attackers infiltrated GlowFM's systems, gaining access to all files and webmails. They encrypted and exfiltrated sensitive information from the company's servers. RansomHub is demanding a ransom payment, threatening to publicly leak all private documents, databases, webmails, and source code if their demands are not met. The compromised domains include www.glowfm.nl and glowfm.nl.

About GlowFM

GlowFM operates in the Media & Internet sector, primarily as a local radio station offering a diverse range of programming and services aimed at engaging the community and providing entertainment. Based in Eindhoven, the station broadcasts various music genres and hosts interactive shows that encourage listener participation. GlowFM is known for its commitment to community involvement, frequently organizing contests and giveaways, such as ticket promotions for local events and festivals. The station also provides news and updates relevant to the Eindhoven area, fostering a sense of community among listeners.

RansomHub: The Ransomware Group

RansomHub is a relatively new ransomware group that has recently emerged in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. The group has targeted various countries without following a specific pattern, including the US, Brazil, Indonesia, and Vietnam. RansomHub's ransomware strains are written in Golang, a language choice that may indicate a trend towards future ransomware developments.

Potential Vulnerabilities

GlowFM's vulnerabilities that may have been exploited by RansomHub include inadequate cybersecurity measures and potential lapses in employee training on phishing and other cyber threats. The station's commitment to community engagement and interactive programming, while beneficial for audience building, may also expose it to higher risks of cyberattacks due to increased online interactions and data exchanges.

Penetration Methods

RansomHub could have penetrated GlowFM's systems through various methods, including phishing attacks, exploiting software vulnerabilities, or leveraging weak passwords. The group's use of Golang for their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures and making detection and mitigation more challenging.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.