Handala Group's Ransomware Attack Compromises Zerto Security

Incident Date: Jun 23, 2024

Attack Overview

Victim: Zerto Security
Industry: Software
Location: Israel
Attacker: Handala
First Reported: June 23, 2024

Ransomware Attack on Zerto Security by Handala Group

Company Profile: Zerto Security

Zerto, a Hewlett Packard Enterprise company, is a prominent player in the field of cloud data management and protection. Founded in 2009, Zerto specializes in providing disaster recovery solutions, data backup, and seamless workload mobility across various cloud platforms such as Microsoft Azure, AWS, and Google Cloud. With over 9,500 customers worldwide and generating more than $300 million in revenue, Zerto is recognized for its innovative approach in simplifying complex data protection challenges and ensuring minimal downtime and data loss.

Details of the Attack

The Handala ransomware group, known for its politically motivated cyberattacks, recently targeted Zerto and claimed to have compromised 51 terabytes of data. The attack was significant not only for the volume of data affected but also for its overt political messaging: Handala described Zerto as a "Zionist cybersecurity company," criticizing both its security capabilities and its affiliations. The breach has led to substantial data loss and has raised questions about the robustness of Zerto's cybersecurity measures.

Profile of the Handala Ransomware Group

Handala is a cybercriminal organization with a history of targeting Israeli institutions and their affiliates, driven by a pro-Palestinian agenda. The group employs sophisticated phishing campaigns and multi-stage loading processes for its attacks, often resulting in significant data breaches and operational disruptions for the targeted entities. Handala's tactics include the use of obfuscated scripts and shellcode to evade detection, showcasing their advanced capabilities in cyber warfare.

Potential Vulnerabilities and Entry Points

While specific details of the breach's methodology are not disclosed, it is plausible that Handala exploited vulnerabilities in Zerto's network, possibly through phishing or other forms of social engineering. Given Zerto's role and scale in data protection, the breach underscores the critical need for continuous enhancement of cybersecurity protocols, especially against politically motivated cybercriminal groups like Handala.
