Aeris Energy Data Breach by Hunters International Ransomware

Incident Date: Nov 23, 2024

Attack Overview
VICTIM: Aeris Energy
INDUSTRY: Energy, Utilities & Waste
LOCATION: Brazil
ATTACKER: Hunters International
FIRST REPORTED: November 23, 2024

Ransomware Attack on Aeris Energy by Hunters International

Aeris Energy, a leading Brazilian wind turbine blade manufacturer, was recently targeted in a ransomware attack by the threat actor group Hunters International. The attack, which occurred on November 25, 2024, resulted in the exfiltration of 1.3 TB of data comprising 673,562 files. Aeris Energy, known for its specialization in wind energy solutions and manufacturing high-quality wind turbine blades, faced a severe breach of its cybersecurity defenses.

About Aeris Energy

Aeris Energy, founded in 2010, is headquartered in Caucaia, Ceará, Brazil, and employs approximately 6,144 people across its operations. The company specializes in the manufacturing of wind turbine blades and offers maintenance, repair, and inspection services related to wind energy. Aeris Energy has positioned itself as a key player in the renewable energy sector, with a reported revenue of R$2.5 billion for the fiscal year 2022.

Key Features of Aeris Energy

Aeris Energy stands out in the industry due to its state-of-the-art facilities, trained workforce, and commitment to sustainability. The company has strategic partnerships with major clients such as Acciona, GE, and Vestas, showcasing its ability to meet high industry standards. Additionally, Aeris Energy has expanded its offerings through the establishment of Aeris Service, a specialized division that provides maintenance and repair services for wind turbines.

Ransomware Attack Overview

The ransomware attack by Hunters International on Aeris Energy involved the exfiltration and encryption of 1.3 TB of data, including 673,562 files. The threat actor group utilizes double extortion tactics, combining data encryption with data theft to maximize leverage over its victims. Hunters International has executed over 130 attacks globally, targeting industries like healthcare, finance, and manufacturing.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in October 2023, leveraging code from the Hive ransomware operation. The group has demonstrated the capability to bypass advanced security measures and employs sophisticated techniques such as double extortion to pressure victims into paying ransoms. Hunters International distinguishes itself with its cross-platform targeting capabilities and customization for affiliates.

Possible Penetration Methods

Hunters International likely penetrated Aeris Energy's systems through phishing campaigns, RDP exploitation, or supply chain attacks targeting IT staff to gain initial access. The group's malware framework, developed in Rust, provides adaptability for targeting both Windows and Linux environments effectively. By utilizing social engineering techniques and targeting industries with critical infrastructure, Hunters International maximizes the impact of its attacks.
