RansomHub Ransomware Attack Disrupts INORDE's Economic Projects

Incident Date: Sep 05, 2024

Attack Overview
Victim: Instituto Ourensano de Desarrollo Económico
Industry: Government
Location: Spain
Attacker: RansomHub
First Reported: September 5, 2024

RansomHub Targets Instituto Ourensano de Desarrollo Económico in Ransomware Attack

In a recent cyberattack, the ransomware group RansomHub has claimed responsibility for compromising the Instituto Ourensano de Desarrollo Económico (INORDE), a local administrative body in Ourense, Spain. INORDE, which operates under the Provincial Council of Ourense, focuses on promoting sustainable economic development in the region. The attack was announced on RansomHub's dark web leak site, raising concerns about the security of sensitive data managed by the institute.

About INORDE

INORDE is a public entity dedicated to fostering economic growth in Ourense. The institute manages projects funded by the European Union, targeting sectors such as tourism, agriculture, and entrepreneurship. INORDE supports local businesses, particularly in the agricultural sector, by promoting traditional practices and local products. Additionally, the institute organizes events to boost tourism, thereby stimulating local economic activity. INORDE's collaborative approach with local governments, businesses, and community organizations aims to create a resilient and sustainable economy.

Attack Overview

The ransomware attack on INORDE has potentially compromised critical systems and sensitive data. RansomHub, known for its aggressive double extortion tactics, encrypts victims' data and exfiltrates sensitive information to increase leverage in ransom demands. The attack on INORDE could disrupt ongoing projects and jeopardize the security of data related to local businesses and EU-funded initiatives.

RansomHub's Modus Operandi

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly gained notoriety for its adaptable and aggressive affiliate model. The group targets high-value sectors, including healthcare, financial services, and government. RansomHub affiliates use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. They then conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files.

Penetration and Impact

RansomHub's ransomware is optimized for speed and efficiency, capable of encrypting large datasets quickly across various platforms, including Windows, Linux, and ESXi. The group leverages vulnerabilities in unpatched systems and employs advanced data exfiltration techniques. INORDE's reliance on digital systems for project management and data storage made it a vulnerable target. The attack could severely impact the institute's operations, particularly its ability to manage EU-funded projects and support local businesses.
