Extra Co Group Targeted by RansomHub in Ransomware Incident
RansomHub Targets UAE-Based Extra Co Group in Ransomware Attack
Company Profile
Extra Co Group of Companies, established in 1979 and based in Sharjah, United Arab Emirates, is a leading industrial manufacturer known for its diverse product range including fiberglass composites, precast structures, and metal works. With a sprawling facility of 120,000 square meters, the company employs between 1,001 and 5,000 employees and reported an annual revenue of $17 million in 2023. Extra Co has expanded its reach globally, serving markets in the Middle East, Africa, Europe, and the United States, and holds numerous accreditations from globally recognized quality standards institutions.
Details of the Ransomware Attack
RansomHub, a relatively new ransomware group with suspected roots in Russia, has claimed responsibility for a cyberattack on Extra Co's operations. The attack targeted the company's website leading to the exfiltration of approximately 20 GB of data.
RansomHub's Modus Operandi
RansomHub operates under a Ransomware-as-a-Service (RaaS) model, with affiliates receiving 90% of the ransom proceeds. The group's ransomware strains are notably developed using Golang, a programming language that enhances the malware's robustness and evasion capabilities. This strategic choice suggests a sophisticated approach to bypassing conventional cybersecurity measures.
Potential Vulnerabilities and Entry Points
While the exact penetration methods used by RansomHub in this attack remain unclear, common entry points for such groups include phishing attacks, exploiting unpatched software vulnerabilities, or accessing weakly secured remote desktop protocols. Extra Co's extensive digital footprint and significant data repositories likely make it an attractive target for ransomware operators looking to leverage stolen data for ransom negotiations.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!