RansomHub Hits Chile's Largest Family-Owned Winery in Major Cyberattack
RansomHub Targets Viña Luis Felipe Edwards in Ransomware Attack
Viña Luis Felipe Edwards, a prominent family-owned winery in Chile's Colchagua Valley, has become the latest victim of a ransomware attack claimed by the cybercriminal group RansomHub. The attack, discovered on September 2, 2024, is listed on the group's leak site against the winery's domain, lfewines.com, with a claimed leak of 178 GB of stolen data.
About Viña Luis Felipe Edwards
Established in 1976 by Luis Felipe Edwards Sr., Viña Luis Felipe Edwards (LFE Wines) is the largest family-owned wine company in Chile. The winery operates across 1,850 hectares of vineyards in several premier wine-growing regions. Known for its commitment to quality and innovation, LFE Wines produces a diverse range of wines, including Cabernet Sauvignon, Merlot, Carmenere, and Malbec. The company employs around 186 people and reports an estimated revenue of approximately $4 million.
Attack Overview
The ransomware attack on LFE Wines highlights the growing threat of cyberattacks on businesses of all sizes and sectors. RansomHub, a Ransomware-as-a-Service (RaaS) group, claimed responsibility for the attack via its dark web leak site. The group is known for its aggressive affiliate model and double extortion tactics: affiliates exfiltrate sensitive data before encrypting the victim's systems, then threaten to publish it so that even a victim with good backups is still pressured to pay.
RansomHub's Modus Operandi
RansomHub distinguishes itself with its speed and efficiency, targeting organizations with valuable data. Affiliates use a combination of phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. Once inside, they conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. RansomHub's ransomware is optimized to encrypt large datasets quickly, and uses the Curve25519 elliptic curve to generate a unique key pair per victim, so keys recovered from one victim's systems are useless for decrypting another's.
Potential Vulnerabilities
How the affiliates gained access to Viña Luis Felipe Edwards has not been disclosed; like many businesses, it may have been exposed through unpatched systems or inadequate cybersecurity measures. RansomHub affiliates often exploit known vulnerabilities in edge devices such as Citrix ADC and FortiOS, and have also leveraged zero-day vulnerabilities. The winery's reliance on digital infrastructure for operations and global distribution makes it a lucrative target for ransomware groups seeking high-value data.
Impact and Implications
The ransomware attack on LFE Wines underscores the critical need for enhanced cybersecurity measures in the agriculture sector. As the winery navigates the aftermath of the breach, the incident serves as a stark reminder of the pervasive threat posed by sophisticated ransomware groups like RansomHub.