RansomHub Ransomware Attack Disrupts INORDE's Economic Projects
RansomHub Targets Instituto Ourensano de Desarrollo Económico in Ransomware Attack
In a recent cyberattack, the ransomware group RansomHub has claimed responsibility for compromising the Instituto Ourensano de Desarrollo Económico (INORDE), a local administrative body in Ourense, Spain. INORDE, which operates under the Provincial Council of Ourense, focuses on promoting sustainable economic development in the region. The attack was announced on RansomHub's dark web leak site, raising concerns about the security of sensitive data managed by the institute.
About INORDE
INORDE is a public entity dedicated to fostering economic growth in Ourense. The institute manages projects funded by the European Union, targeting sectors such as tourism, agriculture, and entrepreneurship. INORDE supports local businesses, particularly in the agricultural sector, by promoting traditional practices and local products. Additionally, the institute organizes events to boost tourism, thereby stimulating local economic activity. INORDE's collaborative approach with local governments, businesses, and community organizations aims to create a resilient and sustainable economy.
Attack Overview
The ransomware attack on INORDE has potentially compromised critical systems and sensitive data. RansomHub, known for its aggressive double extortion tactics, encrypts victims' data and exfiltrates sensitive information to increase leverage in ransom demands. The attack on INORDE could disrupt ongoing projects and jeopardize the security of data related to local businesses and EU-funded initiatives.
RansomHub's Modus Operandi
RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly gained notoriety for its adaptable and aggressive affiliate model. The group targets high-value sectors, including healthcare, financial services, and government. RansomHub affiliates use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. They then conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files.
Penetration and Impact
RansomHub's ransomware is optimized for speed and efficiency, capable of encrypting large datasets quickly across various platforms, including Windows, Linux, and ESXi. The group leverages vulnerabilities in unpatched systems and employs advanced data exfiltration techniques. INORDE's reliance on digital systems for project management and data storage made it a vulnerable target. The attack could severely impact the institute's operations, particularly its ability to manage EU-funded projects and support local businesses.