RansomHub Ransomware Attack Disrupts GarudaFood Operations, Data at Risk
RansomHub Ransomware Attack on GarudaFood
Overview of the Attack
GarudaFood Putra Putri Jaya Tbk, a leading Indonesian food and beverage company, has been targeted by the ransomware group RansomHub. The attack has severely disrupted the company's operations: production has come to a halt and sensitive data has been exfiltrated. RansomHub has issued an ultimatum demanding that the company negotiate through the group's specified chat channel, and threatens to release the stolen data publicly if it does not.
About GarudaFood
Founded in 1990, GarudaFood is one of Indonesia's largest food and beverage companies, with business activities dating back to 1979. The company operates under the Tudung Group and is headquartered in South Jakarta. GarudaFood's product portfolio includes snacks, chocolate, biscuits, and dairy items, marketed under well-known brands such as Garuda, Gery, Chocolatos, Clevo, Prochiz, Okky, and Mountea. The company exports to over 30 countries, primarily focusing on ASEAN nations and China. GarudaFood's commitment to innovation, quality, and customer satisfaction has earned it numerous awards, including the HR Excellence Award for Learning & Development and Knowledge Management in 2023.
RansomHub: The Ransomware Group
RansomHub is a relatively new player in the ransomware landscape, operating as a Ransomware-as-a-Service (RaaS) group. Believed to have roots in Russia, RansomHub's operations resemble traditional Russian ransomware setups. The group distinguishes itself by making claims and backing them up with data leaks. RansomHub's ransomware strains are written in Golang, a language gaining popularity in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions being among the notable victims.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, RansomHub likely exploited vulnerabilities within GarudaFood's network infrastructure. Common entry points for ransomware attacks include phishing emails, unpatched software, and weak network security protocols. Given GarudaFood's extensive digital transformation efforts and engagement with consumers through various channels, the company may have inadvertently exposed itself to cyber threats. The attack underscores the importance of robust cybersecurity measures, especially for companies with significant market presence and extensive digital operations.