Lopez Hnos Under Siege: A Closer Look at the Rhysida Ransomware Attack
Rhysida Ransomware Attack on Lopez Hnos: An In-Depth Analysis
Company Profile
Lopez Hnos, an established name in the Argentine agricultural sector, specializes in the buying, selling, transporting, and processing of crops. Founded in 1992, the company has grown to employ over 130 professionals, focusing on customer service and adaptability in a dynamic market. Their operations are critical in supporting Argentina's agricultural framework, making them a significant player in the industry.
Details of the Cyberattack
The Rhysida Ransomware Group targeted Lopez Hnos through a sophisticated cyberattack, encrypting critical data and demanding a ransom of 5 BTC (approximately $290,000). The attack compromised financial data, personally identifiable information (PII), and other sensitive documents. The exact volume of data exfiltrated remains undisclosed, but a sample of the data was publicly leaked to substantiate the breach.
Rhysida Ransomware Group's Modus Operandi
Rhysida, a relatively new but aggressive player in the cybercrime arena, has targeted various sectors with its advanced ransomware coded in C++. The group is known for its double extortion technique, where data is stolen before being encrypted. This tactic not only pressures victims through data encryption but also through the threat of public data exposure if ransoms are not paid.
The ransomware is delivered through phishing campaigns and the exploitation of Windows OS vulnerabilities, and the group often gains initial access with stolen credentials. After infiltration, Rhysida uses tools such as PsExec for lateral movement within the network, scans for and encrypts files with the ChaCha20 algorithm, and leaves behind a ransom note titled “CriticalBreachDetected.pdf”.
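As an added defender-side illustration (not part of the original write-up, and not Halcyon's product logic), the following Python script scans constructed, flattened Windows event records for two of the indicators named above: the PSEXESVC service that PsExec installs on a remote host (which Windows records as System event ID 7045, service installed) and the creation of the CriticalBreachDetected.pdf ransom note (Sysmon event ID 11, FileCreate). The log line format, host names, timestamps, account names and file paths are assumptions made for the example; real collectors use their own schemas.

```python
"""Toy detection of two Rhysida-style indicators from the write-up:
PsExec-driven lateral movement and the dropped ransom note name.

Added example, not production detection logic. The sample records are
constructed to resemble flattened Windows/Sysmon events; field names and
layout are assumptions for this illustration.
"""
import re
from collections import OrderedDict

# PsExec installs a temporary service named PSEXESVC on the target host;
# Windows logs that as System event 7045. The note name is from the write-up.
PSEXEC_SERVICE = "PSEXESVC"
RANSOM_NOTE = "CriticalBreachDetected.pdf"

# Constructed sample lines: "<timestamp> <host> EventID=<id> key=value ..."
SAMPLE_LOGS = """\
2024-01-10T02:11:04Z FS01 EventID=7045 ServiceName=PSEXESVC ImagePath=%SystemRoot%\\PSEXESVC.exe
2024-01-10T02:11:09Z FS01 EventID=4624 LogonType=3 Account=svc_backup
2024-01-10T02:13:41Z FS01 EventID=11 Image=C:\\Users\\Public\\update.exe TargetFilename=D:\\Shares\\Finance\\CriticalBreachDetected.pdf
2024-01-10T02:13:42Z FS01 EventID=11 Image=C:\\Users\\Public\\update.exe TargetFilename=D:\\Shares\\HR\\CriticalBreachDetected.pdf
2024-01-10T03:00:00Z WS22 EventID=7045 ServiceName=PSEXESVC ImagePath=%SystemRoot%\\PSEXESVC.exe
2024-01-10T08:15:12Z WS07 EventID=7045 ServiceName=VendorUpdater ImagePath=C:\\Vendor\\Updater.exe
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one flattened record into a dict; None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m.group("ts"), "host": m.group("host")}
    event.update(KV_RE.findall(m.group("kv")))
    return event


def detect(log_text):
    """Return one alert per PsExec service install and one per host that
    had the ransom note written (with a count of note files seen)."""
    alerts = []
    notes = OrderedDict()  # host -> {"ts": first seen, "count": n}
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev.get("EventID") == "7045" and ev.get("ServiceName", "").upper() == PSEXEC_SERVICE:
            alerts.append({"host": ev["host"], "ts": ev["ts"], "rule": "psexec_service_install"})
        if ev.get("EventID") == "11" and ev.get("TargetFilename", "").lower().endswith(RANSOM_NOTE.lower()):
            entry = notes.setdefault(ev["host"], {"ts": ev["ts"], "count": 0})
            entry["count"] += 1
    for host, entry in notes.items():
        alerts.append({"host": host, "ts": entry["ts"], "rule": "rhysida_ransom_note", "count": entry["count"]})
    return alerts


def hosts_with_both(alerts):
    """Hosts showing both lateral movement and the ransom note: these are
    the ones to isolate first, since encryption has likely already begun."""
    psexec = {a["host"] for a in alerts if a["rule"] == "psexec_service_install"}
    note = {a["host"] for a in alerts if a["rule"] == "rhysida_ransom_note"}
    return sorted(psexec & note)


if __name__ == "__main__":
    found = detect(SAMPLE_LOGS)
    for a in found:
        print(a)
    print("isolate first:", hosts_with_both(found))
```

The single PSEXESVC install on WS22 is worth a ticket on its own, because legitimate administrators rarely use PsExec against workstations at 03:00; the correlated pair on FS01 is the host where file encryption is already under way.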
Potential Vulnerabilities at Lopez Hnos
The company's significant data volume, including sensitive financial and personal information, makes it an attractive target for ransomware attacks. The agricultural sector often underestimates cyber threat levels, potentially leading to less robust cybersecurity measures. Furthermore, the use of common IT infrastructure without adequate safeguards against phishing and credential theft may have left Lopez Hnos vulnerable to such a sophisticated attack.