RansomHub Targets Spandex AG in Major Ransomware Attack

Incident Date: Jun 29, 2024

Attack Overview
Victim: Spandex AG
Industry: Business Services
Location: Switzerland
Attacker: RansomHub
First Reported: June 29, 2024

RansomHub Claims Ransomware Attack on Spandex AG

Overview of Spandex AG

Spandex AG, headquartered in Switzerland, is a leading global supplier of materials, sign systems, displays, and equipment to the sign-making, graphics, and vehicle wrapping markets. Founded in 1976, the company has over 40 years of experience and operates in 19 countries, serving a customer base of 40,000 businesses. Spandex employs over 1,000 trained experts and fulfills over 3,000 orders per day from its 37 warehouses. The company’s extensive product portfolio includes over 35,000 items from leading brands, and it has achieved significant growth, reaching over €200 million in revenue in 2014.

What Makes Spandex Stand Out

Spandex is renowned for its comprehensive range of high-quality materials, state-of-the-art equipment, and innovative software solutions tailored for the sign-making, graphics, and display industries. The company offers an extensive selection of materials such as self-adhesive vinyl, digital printing media, banner materials, and specialty films. Additionally, Spandex supplies essential equipment like large format printers, cutting plotters, laminators, and heat presses. Their software solutions streamline the design and production process, enhancing productivity and creativity for their clients. Spandex also provides robust technical support and training services to ensure customers can effectively use their products and solutions.

Details of the Ransomware Attack

Spandex AG recently fell victim to a ransomware attack orchestrated by the RansomHub group. The cybercriminals behind RansomHub have claimed responsibility for the incident via their dark web leak site. The attack has raised concerns about the vulnerabilities within Spandex’s systems, which may have been exploited by the ransomware group.

About RansomHub

RansomHub is a relatively new ransomware group that has emerged in the cyber threat landscape. The group is believed to have roots in Russia and operates as a Ransomware-as-a-Service (RaaS) entity. Affiliates of RansomHub receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. Their ransomware strains are written in Golang, a language choice that aligns with recent trends in the ransomware world.

Potential Vulnerabilities and Penetration Methods

While specific details about how RansomHub penetrated Spandex’s systems are not publicly available, common vulnerabilities that ransomware groups exploit include outdated software, weak passwords, and insufficient network segmentation. RansomHub’s use of Golang for their ransomware strains suggests a sophisticated approach, potentially leveraging zero-day vulnerabilities or social engineering tactics to gain initial access. Once inside, the ransomware could have encrypted critical data, demanding a ransom for its release.
