RansomHub Claims Ransomware Attack on GlowFM: Details and Implications
RansomHub Claims Ransomware Attack on GlowFM
Overview of the Attack
GlowFM, a local radio station based in Eindhoven, Netherlands, has been targeted by the ransomware group RansomHub. The attackers infiltrated GlowFM's systems, gaining access to all files and webmails. They encrypted and exfiltrated sensitive information from the company's servers. RansomHub is demanding a ransom payment, threatening to publicly leak all private documents, databases, webmails, and source code if their demands are not met. The compromised domains include www.glowfm.nl and glowfm.nl.
About GlowFM
GlowFM operates in the Media & Internet sector, primarily as a local radio station offering a diverse range of programming and services aimed at engaging the community and providing entertainment. Based in Eindhoven, the station broadcasts various music genres and hosts interactive shows that encourage listener participation. GlowFM is known for its commitment to community involvement, frequently organizing contests and giveaways, such as ticket promotions for local events and festivals. The station also provides news and updates relevant to the Eindhoven area, fostering a sense of community among listeners.
RansomHub: The Ransomware Group
RansomHub is a relatively new ransomware group that has recently emerged in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. The group has targeted various countries without following a specific pattern, including the US, Brazil, Indonesia, and Vietnam. RansomHub's ransomware strains are written in Golang, a language choice that may indicate a trend towards future ransomware developments.
Potential Vulnerabilities
GlowFM's vulnerabilities that may have been exploited by RansomHub include inadequate cybersecurity measures and potential lapses in employee training on phishing and other cyber threats. The station's commitment to community engagement and interactive programming, while beneficial for audience building, may also expose it to higher risks of cyberattacks due to increased online interactions and data exchanges.
Penetration Methods
RansomHub could have penetrated GlowFM's systems through various methods, including phishing attacks, exploiting software vulnerabilities, or leveraging weak passwords. The group's use of Golang for their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures and making detection and mitigation more challenging.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!