RansomHub Ransomware Breach Hits Castelli Group: 300GB Data Compromised

Incident Date: Jul 26, 2024

Attack Overview
VICTIM: Castelli Group
INDUSTRY: Real Estate
LOCATION: Italy
ATTACKER: RansomHub
FIRST REPORTED: July 26, 2024

RansomHub Ransomware Attack on Castelli Group

Overview of the Attack

On July 29, 2024, Castelli Group, a diversified organization based in Perth, Western Australia, specializing in real estate development and property management, fell victim to a ransomware attack by the threat actor known as RansomHub. The attack resulted in a significant data breach, compromising approximately 300GB of sensitive information. This incident has raised serious concerns about data security and operational continuity for Castelli Group.

About Castelli Group

Castelli Group, established in 1999 by Sam Castelli, operates across multiple sectors, including property development, construction, wine production, and renewable energy. The company is known for its vertically integrated business model, which allows it to manage various stages of its operations efficiently. This model facilitates the capture of profits across different income streams and ensures a strong pipeline of quality projects. Castelli Group's commitment to quality and innovation has positioned it as a significant player in the Australian market.

RansomHub: The Ransomware Group

RansomHub is a relatively new ransomware group believed to have roots in Russia. It operates as a Ransomware-as-a-Service (RaaS) group: affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. RansomHub's ransomware strains are written in Golang, a language choice that may indicate future trends in ransomware development.

Penetration and Vulnerabilities

While specific details on how RansomHub penetrated Castelli Group's systems are not publicly disclosed, common vulnerabilities exploited by ransomware groups include weak passwords, unpatched software, and phishing attacks. Given Castelli Group's diversified operations and significant data handling, the company may have been targeted due to potential gaps in cybersecurity measures across its various business sectors.

Impact and Response

The ransomware attack on Castelli Group has led to a substantial data breach, affecting the company's ability to maintain operational continuity. As the group works to assess the full impact and mitigate the damage, this incident underscores the critical importance of robust cybersecurity measures in protecting sensitive information and ensuring business resilience.

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources. By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.
