RansomHub Ransomware Attack Disrupts GarudaFood Operations, Data at Risk

Incident Date: Jul 20, 2024

Attack Overview
Victim: GarudaFood
Industry: Consumer Services
Location: Indonesia
Attacker: RansomHub
First Reported: July 20, 2024

RansomHub Ransomware Attack on GarudaFood

Overview of the Attack

GarudaFood Putra Putri Jaya Tbk, a leading Indonesian food and beverage company, has been targeted by the ransomware group RansomHub. The attack has severely disrupted the company's operations, with production coming to a halt and sensitive data being exfiltrated. RansomHub has issued an ultimatum demanding negotiations through its specified chat channel, and threatens to release the stolen data publicly if the company does not comply.

About GarudaFood

Founded in 1990, GarudaFood is one of Indonesia's largest food and beverage companies, with business activities dating back to 1979. The company operates under the Tudung Group and is headquartered in South Jakarta. GarudaFood's product portfolio includes snacks, chocolate, biscuits, and dairy items, marketed under well-known brands such as Garuda, Gery, Chocolatos, Clevo, Prochiz, Okky, and Mountea. The company exports to over 30 countries, primarily focusing on ASEAN nations and China. GarudaFood's commitment to innovation, quality, and customer satisfaction has earned it numerous awards, including the HR Excellence Award for Learning & Development and Knowledge Management in 2023.

RansomHub: The Ransomware Group

RansomHub is a relatively new player in the ransomware landscape, operating as a Ransomware-as-a-Service (RaaS) group. The group is believed to have roots in Russia, and its operations resemble traditional Russian ransomware setups. It distinguishes itself by making claims and backing them up with data leaks. RansomHub's ransomware strains are written in Golang, a language gaining popularity in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions being among the notable victims.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, RansomHub likely exploited vulnerabilities within GarudaFood's network infrastructure. Common entry points for ransomware attacks include phishing emails, unpatched software, and weak network security protocols. Given GarudaFood's extensive digital transformation efforts and engagement with consumers through various channels, the company may have inadvertently exposed itself to cyber threats. The attack underscores the importance of robust cybersecurity measures, especially for companies with significant market presence and extensive digital operations.
