AVL Systems Design Hit by Major RansomHub Ransomware Attack
RansomHub Ransomware Attack on AVL Systems Design
AVL Systems Design, a prominent audio, video, and lighting solutions provider based in Edmond, Oklahoma, has fallen victim to a ransomware attack by the notorious RansomHub group. The attackers claim to have exfiltrated 268 GB of sensitive data, including files related to accounting, current projects, QuickBooks, shared directories, and user information. RansomHub has threatened to publish the stolen data within the next 9-10 days, putting significant pressure on AVL Systems Design to respond swiftly.
About AVL Systems Design
Established in 2001, AVL Systems Design specializes in the design, installation, and service of advanced audio, video, and lighting (AVL) systems. The company operates across various sectors, including commercial spaces, performing arts centers, educational institutions, and houses of worship. With a workforce of approximately 15 employees and an estimated annual revenue of $5 million, AVL Systems Design has completed over 9,850 projects and received more than 53 awards for excellence in their field.
What sets AVL Systems Design apart is its commitment to integrating modern technologies for effective communication and collaboration. The company sources high-quality components from various manufacturers, ensuring that each system is both cost-effective and durable. Their focus on aesthetics and functionality makes them a standout player in the AVL industry.
Attack Overview
The ransomware attack on AVL Systems Design was executed by RansomHub, a Ransomware-as-a-Service (RaaS) group known for its aggressive affiliate model and double extortion tactics. The group has claimed responsibility for infiltrating AVL Systems Design's network and exfiltrating a substantial amount of sensitive data. The compromised data includes critical files related to accounting, ongoing projects, and user information, which could have severe implications for the company and its clients.
About RansomHub
RansomHub emerged as a significant player in the ransomware landscape by filling the void left by the disruption of other high-profile ransomware groups. The group is known for its speed and efficiency, employing advanced data exfiltration techniques and intermittent encryption to minimize encryption time while maintaining impact. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access to target networks.
Penetration and Vulnerabilities
RansomHub likely penetrated AVL Systems Design's systems through a combination of phishing campaigns and exploitation of unpatched vulnerabilities. The group's affiliates are adept at conducting multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The use of advanced encryption techniques and a modular architecture allows RansomHub to evade detection and deliver swift results, making the group a formidable threat to organizations worldwide.