RansomHub Ransomware Attack on SP Mundi Câmbio: Data Breach & Cyber Threats
RansomHub Ransomware Attack on SP Mundi Câmbio
Overview of SP Mundi Câmbio
SP Mundi Câmbio, a foreign exchange agency based in São Paulo, Brazil, specializes in the purchase and sale of foreign currencies. Accredited by the Central Bank of Brazil, the company offers a streamlined service where customers can buy and receive currencies at home, benefiting from competitive rates. Operating with a small team of 2-10 employees, SP Mundi Câmbio is known for its efficient quote simulation system and home delivery service.
Details of the Ransomware Attack
Recently, the ransomware group RansomHub has claimed responsibility for an attack on SP Mundi Câmbio. The attack reportedly resulted in the exfiltration of 8 GB of sensitive data, including customer information, documents, and operational data. The compromised databases contain names, documents, addresses, CPFs, phone numbers, and payment amounts. A sample of the leaked data has been published on RansomHub's dark web leak site.
About RansomHub
RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare institutions. RansomHub's ransomware strains are written in Golang, a trend that is gaining traction in the ransomware world.
Potential Vulnerabilities
Given SP Mundi Câmbio's small team size and the nature of their operations, they may have been an attractive target for ransomware groups like RansomHub. The company's reliance on digital systems for currency transactions and customer data management could have provided multiple entry points for cyber attackers. The exact method of penetration remains unclear, but common vectors include phishing emails, unpatched software vulnerabilities, and weak network security protocols.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!