Crownlea Group Hit by Major Ransomware Attack from Hunters International
Ransomware Attack on Crownlea Group by Hunters International
The Crownlea Group, a privately owned conglomerate based in the UK, has recently fallen victim to a ransomware attack orchestrated by the notorious ransomware group, Hunters International. This attack has resulted in a significant data breach, exposing sensitive information and jeopardizing the company's reputation.
About Crownlea Group
Established on November 25, 2002, Crownlea Group specializes in manufacturing, importing, supplying, and distributing a diverse range of goods across various industries. The company operates multiple businesses under its umbrella, focusing on innovation and expansion. With a commitment to sustainability and environmental responsibility, Crownlea Group integrates these principles into its business practices and supply chain management. The company is headquartered in Leytonstone, London, and has a reported revenue of approximately $89 million.
Attack Overview
The ransomware attack was discovered on July 30, and it has led to a significant data breach involving 415.3GB of sensitive information. The leaked data includes passports and driving licenses from individuals across different countries. The attackers have publicly criticized Crownlea Group's CEO, Mr. Clinton Fisher, for refusing to negotiate, thereby exacerbating the severity of the incident. The breach has exposed 360,535 files, and the attackers have shared screenshots as proof of their access to Crownlea Group's networks.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group by law enforcement agencies. The group's ransomware code contains approximately 60% overlap with samples of Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is likely that Hunters International exploited vulnerabilities in Crownlea Group's cybersecurity infrastructure. The group's techniques and operational strategies resemble those of the Hive ransomware, suggesting they have inherited or adapted Hive's encryption methods and tactics. The attack on Crownlea Group underscores the importance of vigilant cybersecurity practices, especially for companies operating in diverse and expansive sectors.