GIMEX Under Siege: RA Group's Ransomware Attack
Ransomware Attack on GIMEX by RA Group
Company Profile:
GIMEX, a global company established in 1977, operates in the Transportation sector with an international presence. It provides support and services to clients in over 20 countries. The company is a significant player in the transportation industry, offering logistics solutions and services worldwide. With a diverse range of products and services, GIMEX has established itself as a key player in the global logistics sector.
Ransomware Attack:
On April 12th, 2024, GIMEX experienced a ransomware attack orchestrated by the cybercrime group RA World. The group exfiltrated 50 GB of sensitive data, including financial documents, insurance contracts, accounting records, terrestrial file archives, and settlement receipts. Although no specific ransom demand was made, a portion of the stolen data was leaked. This incident has been classified as a very high-risk event.
Cybersecurity Risks and Threat Actor Tactics:
The company's global presence and extensive operations could make it a potential target for ransomware groups like the RA Group. Its interconnected network across various regions provides multiple entry points for cyber attacks. Finally, the nature of its business, involving the transportation of goods and services, means its sensitive data and valuable assets make it a prime target for ransomware attacks.
The RA Group’s ransomware tactics, such as double extortion and data exfiltration threats, present a significant risk to GIMEX. The group's use of Babuk ransomware code and advanced encryption techniques further heightens the danger. The victim company must improve its cybersecurity measures, including regular security audits, employee training on cyber threats, and the implementation of protection protocols.